Release Notes

12.0.20141010

Abstract

This document provides guidance and an overview to high level general features
and updates for SUSE Linux Enterprise Server 12. Besides architecture or
product-specific information, it also describes the capabilities and
limitations of SLES 12. General documentation may be found at: http://
www.suse.com/documentation/sles12/.

Product to be released: Q4 CY 2014

-------------------------------------------------------------------------------

Table of Contents

SUSE Linux Enterprise Server

    What's New?
    Documentation and Other Information
    How to Obtain Source Code
    Support Statement for SUSE Linux Enterprise Server
    Derived and Related Products
    Security, Standards, and Certification

Installation and Upgrade

    Installation
    Upgrade-Related Notes
    For More Information

Infrastructure, Package and Architecture Specific Information

    Architecture Independent Information
    Systems Management
    Performance Related Information
    Storage
    Virtualization

AMD64/Intel64 64-Bit (x86_64) Specific Information

    Trackpoint or Pointing Stick Configuration
    System and Vendor Specific Information
    RAS

POWER (ppc64le) Specific Information

    Remote Btrfs on POWER
    Huge Page Memory Support on POWER
    Inclusion of base IBM Power RAS tools
    IBM PowerLinux Development Tools Repository
    IBM PowerLinux DLPAR Tools Repository
    mlx5 Driver Supports New Mellanox Connect-IB Adapter for Power
    Architecture Level Set (ALS): SLES 12 supports only POWER8 and greater
        processors
    Kernel CPUidle Framework
    Platform Resource Reassignment Notification Handling
    GDB Support for POWER8 Processors
    GCC support for POWER8 processor
    Optimized GLIBC for POWER8
    PPC64 Improvement in Memory Support
    LLVM for POWER
    Support for the IBM POWER8 Processor added to Valgrind
    Support for the IBM POWER8 Processor Added to oprofile, libpfm, and PAPI

System z (s390x) Specific Information

    IPL from Tape is Deprecated
    Architecture Level Set
    Hardware
    Virtualization
    Storage
    Network
    Security
    RAS
    Performance

Driver Updates

    Network Drivers
    Storage Drivers

Packages and Functionality Changes

    OpenLDAP Overlays as Modules
    New Packages
    Updated Packages
    Removed and Deprecated Functionality
    Changes in Packaging and Delivery
    Modules

Technical Information

    Virtualization: Network Devices Supported
    Virtualization: Devices Supported for Booting
    Virtualization: Supported Disks Formats and Protocols
    Kernel Limits
    KVM Limits
    Xen Limits
    File Systems

Legal Notices
Colophon

SUSE Linux Enterprise Server

SUSE Linux Enterprise Server is a highly reliable, scalable, and secure server
operating system, built to power mission-critical workloads in both physical
and virtual environments. It is an affordable, interoperable, and manageable
open source foundation. With it, enterprises can cost-effectively deliver core
business services, enable secure networks, and simplify the management of their
heterogeneous IT infrastructure, maximizing efficiency and value.

The only enterprise Linux recommended by Microsoft and SAP, SUSE Linux
Enterprise Server is optimized to deliver high-performance mission-critical
services, as well as edge of network, and web infrastructure workloads.

Designed for interoperability, SUSE Linux Enterprise Server integrates into
classical Unix as well as Windows environments, supports open standard
interfaces for systems management, and has been certified for IPv6
compatibility.

This modular, general purpose operating system runs on three processor
architectures and is available with optional extensions that provide advanced
capabilities for tasks such as real time computing and high availability
clustering.

SUSE Linux Enterprise Server is optimized to run as a high performing guest on
leading hypervisors and supports an unlimited number of virtual machines per
physical system with a single subscription, making it the perfect guest
operating system for virtual computing.

SUSE Linux Enterprise Server is backed by award-winning support from SUSE, an
established technology leader with a proven history of delivering
enterprise-quality support services.

SUSE Linux Enterprise Server 12 has a 13 years life cycle, with 10 years of
General Support and 3 years of Extended Support. The current version (GA) will
be fully maintained and supported until 6 months after the release of SUSE
Linux Enterprise Server 12 SP1. If you need additional time to design, validate
and test your upgrade plans, Long Term Service Pack Support can extend the
support you get an additional 12 to 36 months in twelve month increments,
giving you a total of 3 to 5 years of support on any given service pack.

For more information, check our Support Policy page https://www.suse.com/
support/policy.html or the Long Term Service Pack Support Page https://
www.suse.com/support/programs/long-term-service-pack-support.html.

What's New?

Fix Status of the GNU Bourne Again Shell (bash)

Given the proximity of the SUSE Linux Enterprise 12 release to the publication
of the ?shellshock? series of vulnerabilities in the GNU Bourne Again Shell
(bash), we want to provide customers with information on the fix status of the
bash version shipped in the SLE 12 GA release:

  * CVE-2014-6271 (original shellshock)

  * CVE-2014-7169 (taviso bug)

  * CVE-2014-7186 (redir_stack bug)

  * CVE-2014-7187 and

  * non-exploitable CVE-2014-6277

  * non-exploitable CVE-2014-6278

Up-to-date information is available online: https://www.suse.com/support/
shellshock/.

SUSE Linux Enterprise Server 12 introduces a number of innovative changes. Here
are some of the highlights:

  * Robustness on administrative errors and improved management capabilities
    with full system rollback based on btrfs as the default file system for the
    operating system partition and SUSE's snapper technology.

  * An overhaul of the installer introduces a new workflow that allows you to
    register your system and receive all available maintenance updates as part
    of the installation.

  * SUSE Linux Enterprise Server Modules offer a choice of supplemental
    packages, ranging from tools for Web Development and Scripting, through a
    Cloud Management module, all the way to a sneak preview of SUSE's upcoming
    management tooling called Advanced Systems Management. Modules are part of
    your SUSE Linux Enterprise Server subscription, are technically delivered
    as online repositories, and differ from the base of SUSE Linux Enterprise
    Server only by their lifecycle.

  * New core technologies like systemd (replacing the time honored System V
    based init process) and wicked (introducing a modern, dynamic network
    configuration infrastructure).

  * The open source database system MariaDB is fully supported now.

  * Support for the open-vm-tools together with VMware for better integration
    into VMware based hypervisor environments.

  * Linux Containers are integrated into the virtualization management
    infrastructure (lib-virt). Docker is provided as a technology preview.

  * Support for the 64 bit Little-Endian variant of IBM's POWER architecture,
    in addition to continued support for the Intel 64 / AMD64 and IBM System z
    architectures.

  * GNOME 3.10 (or just GNOME 3), giving users a modern desktop environment
    with a choice of several different look and feel options, including a
    special SUSE Linux Enterprise Classic mode for easier migration from
    earlier SUSE Linux Enterprise desktop environments

  * For users wishing to use the full range of productivity applications of a
    Desktop with their SUSE Linux Enterprise Server, we are now offering the
    SUSE Linux Enterprise Workstation Extension (needs a SUSE Linux Enterprise
    Desktop subscription).

  * Integration with the new SUSE Customer Center, SUSE's central web portal to
    manage Subscriptions, Entitlements, and provide access to Support.

For users upgrading from a previous SUSE Linux Enterprise Server release it is
recommended to review:

  * the section called ?Support Statement for SUSE Linux Enterprise Server?

  * the section called ?Upgrade-Related Notes?

  * the section called ?Technical Information?

Documentation and Other Information

Available on the Product Media

  * Read the READMEs on the media.

  * Get the detailed changelog information about a particular package from the
    RPM (with filename <FILENAME>):

    rpm --changelog -qp <FILENAME>.rpm

  * Check the ChangeLog file in the top level of the media for a chronological
    log of all changes made to the updated packages.

  * Find more information in the docu directory of the media of SUSE Linux
    Enterprise Server 12. This directory includes PDF versions of the SUSE
    Linux Enterprise Server 12 Installation Quick Start and Deployment Guides.
    Documentation (if installed) is available below the /usr/share/doc/
    directory of an installed system.

  * These Release Notes are identical across all architectures, and the most
    recent version is always available online at http://www.suse.com/
    releasenotes/. Some entries are listed twice, if they are important and
    belong to more than one section.

Externally Provided Documentation

  * http://www.suse.com/documentation/sles12/ contains additional or updated
    documentation for SUSE Linux Enterprise Server 12.

  * Find a collection of White Papers in the SUSE Linux Enterprise Server
    Ressource Library at https://www.suse.com/products/server/resource-library
    /?ref=b#WhitePapers.

How to Obtain Source Code

This SUSE product includes materials licensed to SUSE under the GNU General
Public License (GPL). The GPL requires SUSE to provide the source code that
corresponds to the GPL-licensed material. The source code is available for
download at http://www.suse.com/download-linux/source-code.html. Also, for up
to three years after distribution of the SUSE product, upon request, SUSE will
mail a copy of the source code. Requests should be sent by e-mail to
mailto:sle_source_request@novell.com or as otherwise instructed at http://
www.suse.com/download-linux/source-code.html. SUSE may charge a reasonable fee
to recover distribution costs.

Support Statement for SUSE Linux Enterprise Server

To receive support, customers need an appropriate subscription with SUSE; for
more information, see http://www.suse.com/products/server/services-and-support/
.

General Support Statement

The following definitions apply:

L1

    Problem determination, which means technical support designed to provide
    compatibility information, usage support, on-going maintenance, information
    gathering and basic troubleshooting using available documentation.

L2

    Problem isolation, which means technical support designed to analyze data,
    duplicate customer problems, isolate problem area and provide resolution
    for problems not resolved by Level 1 or alternatively prepare for Level 3.

L3

    Problem resolution, which means technical support designed to resolve
    problems by engaging engineering to resolve product defects which have been
    identified by Level 2 Support.

For contracted customers and partners, SUSE Linux Enterprise Server 12 and its
Modules are delivered with L3 support for all packages, except the following:

  * Technology Previews

  * sound, graphics, fonts and artwork

  * packages that require an additional customer contract

  * packages provided as part of the Software Development Kit (SDK)

SUSE will only support the usage of original (e.g., unchanged or un-recompiled)
packages.

MariaDB Replaces MySQL

The MariaDB open source database replaces the MySQL database system.

To retain compatibility with existing (MySQL based) deployments and
dependencies, MariaDB is using the name libmysql.so for shared libraries. Thus,
according to the SUSE and openSUSE Shared Library Policy the RPMs for the
MariaDB shared libraries are called libmysql .

For more information about the SUSE and openSUSE Shared Library Policy, see
http://en.opensuse.org/openSUSE:Shared_library_packaging_policy .

IBM Java 6

IBM Java 6 will be supported as part of SLES 12 until September 2017 on the
x86_64 and System z architectures.

Technology Previews

Technology previews are packages, stacks, or features delivered by SUSE. These
features are not supported. They may be functionally incomplete, unstable or in
other ways not suitable for production use. They are mainly included for
customer convenience and give customers a chance to test new technologies
within an enterprise environment.

Whether a technical preview will be moved to a fully supported package later,
depends on customer and market feedback. A technical preview does not
automatically result in support at a later point in time. Technical previews
could be dropped at any time and SUSE is not committed to provide a technical
preview later in the product cycle.

Please, give your SUSE representative feedback, including your experience and
use case.

openJDK

openJDK is available as a technical preview.

Docker templates

sle2docker is a convenience tool which creates SUSE Linux Enterprise images for
Docker. The tool relies on KIWI and Docker itself to build the images. Packages
can be fetched either from SUSE Customer Center (SCC) or from a local
Subscription Management Tool (SMT).

Docker

Docker is an open-source project to easily create lightweight, portable,
self-sufficient containers from any application. Docker is shipped under
technology preview in SLE12.

Hot-Add Memory

Hot-add memory is currently only supported on the following hardware:

  * certified systems based on recent Intel Xeon Architecture,

  * Fujitsu PRIMEQUEST 2000 series

If your specific machine is not listed, call SUSE support to confirm whether or
not your machine has been successfully tested. Also, regularly check our
maintenance update information, which will explicitly mention the general
availability of this feature.

QEMU: Include virtio-blk-data-plane

The virtio-blk-data-plane is a new experimental performance feature for KVM. It
provides a streamlined block I/O path, which favors performance over
functionality.

KVM: VMCS Shadowing support

VMCS Shadowing is a new VT-x feature that allows software in VMX non-root
operation to execute the VMREAD and VMWRITE instructions. Such executions do
not read from the current VMCS (the one supporting VMX non-root operation) but
instead from a shadow VMCS. This feature will help improve nested
virtualization performance. VMCS shadowing is provided as technology preview.

TPM/Trusted Computing

The experimental QEMU TPM passthrough feature should not be used in
environments where non-root access is grated to the host. To enable TPM
passthrough, the following actions must be taken in addition to allocating the
device in the guest domain xml:

1. The guest must pass tpm_tis.force=1 on the guest kernel command line. This
may be done by editing the bootloader configuration, typically found in /boot/
grub2/grub.conf , to append tpm_tis.force=1 to the linux line in the menuentry
stanza for the kernel being booted.

2. The host administrator must chmod o+w /sys/class/misc/tpm0/device/cancel .
As this permits host-wide access to cancel TPM commands by unprivileged users,
no unprivileged users must be permitted to access the host when it is put into
this configuration. It is anticipated that future versions of libvirt will
perform the privileged access of /sys/class/misc/tpm0/device/cancel on QEMU's
behalf such that permitting world write access to /sys/class/misc/tpm0/device/
cancel will not be necessary.

Memory Compression with zswap

Currently when a system's physical memory is exceeded, the system moves some
memory onto reserved space on a hard drive, called "swap" space; that frees
physical memory space for additional use. However, this process of "swapping"
memory onto (and back from) a hard drive is much, much slower than direct
memory access, so it can slow the entire system down.

The zswap driver inserts itself between the system and the swap hard drive, and
instead of writing memory to a hard drive it compresses memory. This speeds up
both the writing to swap and reading back from swap, which results in better
overall system performance while using swap. However, compressed memory still
uses some smaller amount of memory, so zswap has a limit to the amount of
memory which will be stored compressed, which is controllable by the /sys/
module/zswap/parameters/max_pool_percent file - by default, this is 20, which
indicates zswap will use only 20% of the total system physical memory to store
compressed memory. Additionally, zswap is disabled by default, so the boot
parameter zswap.enabled=1 must be used (it can be manually added at the boot
prompt, or the boot loader configuration can be updated to include it).

Multi-queue SSD Access

Multi-core systems with fast solid state storage are were unable to take
advantage of the storage hardware speed to full extent. This expecially
demonstrated itself as a lock contention in the kernel block layer.

A new multi-queue block layer extension now helps to reach the maximum hardware
speed with multiple hardware dispatch queue devices. This multi-queue block
layer extension is offered as a technology preview.

Xen: Performance Monitoring Tool for VMs

If Xen is booted with the vpmu=1 parameter, perf can be used within a PVHVM
guest to identify the source of performance problems.

Virtual Machine Sandbox

virt-sandbox provides a way for the administrator to run a command under a
confined virtual machine using qemu/kvm or LXC libvirt virtualization drivers.
The default sandbox domain only allows applications the ability to read and
write stdin, stdout, and file descriptors handed to it. It is not allowed to
open any other files. Enable SELinux on your system to get it usable. For more
information, see http://sandbox.libvirt.org/ .

Technology Previews: POWER (ppc64le)

KVM on ppc64le

Linux has managed to unify the Operating System layer nicely across different
architectures. This challenge still exists in the hypervisor space.

KVM solves the universal hypervisor challenge. It is now available across all
targets that SLES supports. KVM allows the administrator to create virtual
machines in the exact same fashion using the exact same set of tools on x86_64,
s390x and ppc64le.

This makes SLES the perfect platform for virtualization and cloud scenarios in
heterogeneous environments.

Technology Previews: System z (s390x)

Kdump on System z

Kdump for System z is included as technical preview.

KVM for s390x

Using Linux and virtualization technologies on System z, with good Linux and
KVM skills, but limited knowledge of System z and z/VM.

KVM is included on the s390x platform as a technology preview.

Running Linux with KVM in an LPAR allows x86 skilled administrators to explore
the potential of Linux on the mainframe. KVM on Linux allows the administrator
to create and manage virtual machines by himself, assign resources and benefit
from the workload isolation and protection, as well as the flexibility of KVM
based virtual machines, with the same tools and commands as know from a x86
based environment.

Over time, business requirements may increase the need and interest to explore
the full potential of the underlying platform. This can be achieved by getting
more and more insight into the unique hardware and performance characteristics
of System z, as well as the option to operate other environments on the
mainframe, also in collaboration with Linux.

Disk mirroring with real-time enhancement for System z

This functionality is currently included as technology preview in SLES 12

Hot-patching Support for Linux on System z Binaries

Hot-patch support in gcc implements support for online patching of
multi-threaded code for Linux on System binaries. It is possible to select
specific functions for hot-patching using a function attribute and to enable
hot-patching for all functions ( -mhotpatch ) via command line option. Because
enabling of hot-patching has negative impact on software size and performance
it is recommended to use hot-patching for specific functions and not to enable
hot-patch support in general.

For online documentation, see http://gcc.gnu.org/onlinedocs/gcc/ .

qeth: Accurate ethtool Output

Provides improved monitoring and service via more timely and accurate display
of settings and values via the ethtool when running on hardware that supports
the improved query of network cards.

Linux support for concurrent Flash MCL updates

Apply concurrent hardware microcode level upgrades (MCL) without impacting I/O
operations to the Flash storage media and notify users of the changed Flash
hardware service level.

PCI infrastructure enablement for IBM System z

This feature provides prerequisites for the System z specific PCI support.

snIPL Interface to Control Dynamic CPU Capacity

Remote control of the capacity of target systems in high available
configurations, allows to maintain the bandwidth during failure situation, and
removes the need for keeping unused capacity activated during normal operation.

Query OSA Address Table

Provide infrastructure to gather and display OSA and TCP/IP configuration
information via the OSA Query Address Table hardware function to ease
administration of OSA and TCP/IP configuration information.

Software Requiring Specific Contracts

Software Requiring Specific Contracts

The following packages require additional support contracts to be obtained by
the customer in order to receive full support:

PostgreSQL Database

Derived and Related Products

  * SUSE Linux Enterprise Desktop

  * Cloud

  * SUSE Manager

  * SUSE Linux Enterprise High Availability Extension ? With the SUSE Linux
    Enterprise High Availability Extension 12, SUSE offers the most modern open
    source High Availability Stack for Mission Critical environments.

Software Development Kit (SDK)

SUSE provides a Software Development Kit (SDK) for SUSE Linux Enterprise 12.
This SDK contains libraries, development environments, and tools along the
following patterns:

  * C/C++ Development

  * Certification

Security, Standards, and Certification

SUSE Linux Enterprise Server 12 has been submitted to the certification bodies
for:

  * Common Criteria Certification

  * FIPS 140-2 validation, see: http://csrc.nist.gov/groups/STM/cmvp/documents/
    140-1/140InProcess.pdf

For more information about certification please refer to https://www.suse.com/
security/certificates.html.

Support GB18030 Standard

SUSE Linux Enterprise conforms with Unicode 3.0 or higher, and thus it will be
GB18030 compliant.

Unicode 3.0 has been supported by glibc since version 2.2. and currently SUSE
Linux Enterprise uses a much newer version of glibc , so it is GB18030
compliant.

Installation and Upgrade

SUSE Linux Enterprise Server can be deployed in three ways:

  * Physical Machine,

  * Virtual Host,

  * Virtual Machine in paravirtualized environments.

Installation

Installing with LVM2, Without a Separate /boot Partition

SUSE Linux Enterprise 12 generally supports the installation with a linear LVM2
without a separate /boot partition, for example to use it with Btrfs as the
root file system, to achieve full system snapshot and rollback.

However, this setup is only supported under the following conditions:

  * Only linear LVM2 setups are supported.

  * There must be enough space in the partitioning "label" (the partition
    table) for the grub2 bootloader first stage files. If the installation of
    the grub2 bootloader fails, you will have to create a new partition table. 
    CAVEAT: Creating a new partition table destroys all data on the given disk!

For a migration from an existing SUSE Linux Enterprise 11 system with LVM2 to
SUSE Linux Enterprise 12 the /boot partition must be preserved.

CJK Languages Support in Text-mode Installation

CJK (Chinese, Japanese, and Korean) languages do not work properly during
text-mode installation if the framebuffer is not used (Text Mode selected in
boot loader).

There are three alternatives to resolve this issue:

 1. Use English or some other non-CJK language for installation then switch to
    the CJK language later on a running system using YaST+System+Language.

 2. Use your CJK language during installation, but do not choose Text Mode in
    the boot loader using F3 Video Mode. Select one of the other VGA modes
    instead. Select the CJK language of your choice using F2 Language, add
    textmode=1 to the boot loader command-line and start the installation.

 3. Use graphical installation (or install remotely via SSH or VNC).

UEFI 2.3.1 Support

SLE 12 is supporting booting systems following UEFI specification up to version
2.3.1 errata C.

Note: Installing SLE 12 on Apple hardware is not supported.

UEFI Secure Boot

SLES 12 and SLED 12 implement UEFI Secure Boot. Installation media supports
Secure Boot. Secure Boot is only supported on new installations, if Secure Boot
flag is enabled in the UEFI firmware at installation time.

For more informations, see Administration Guide , section Secure Boot .

Current Features and Limitations in a UEFI Secure Boot Context

Support for Secure Boot on EFI machines is enabled by default.

When booting with Secure Boot mode enabled in the firmware, the following
features apply:

  * Installation to UEFI default boot-loader location with a mechanism to
    restore boot entries.

  * Reboot via UEFI.

  * Xen hypervisor can be booted without MSFT signature.

  * UEFI IPv6 PXE boot support.

  * UEFI get videomode support, the kernel is able to retrieve the video mode
    from UEFI to configure KMS mode with the same parameters.

  * UEFI booting from USB devices is supported

Simultaneously, the following limitations apply:

  * bootloader, kernel and kernel modules must be signed.

  * kexec and kdump are disabled.

  * Hibernation (suspend on disk) is disabled.

  * Access to /dev/kmem and /dev/mem is not possible, not even as root user.

  * Access to I/O port is not possible, not even as root user. All X11
    graphical drivers must use a kernel driver.

  * PCI BAR access through sysfs is not possible.

  * custom_method in ACPI is not available.

  * debugfs for asus-wmi module is not available.

  * The acpi_rsdp parameter does not have any effect on the kernel.

When booting with Secure Boot mode disabled in the firmware, the following
features apply:

  * None of the limitations listed above are active.

  * The machine always stays bootable, regardless whether secure boot is later
    toggled in the firmware.

  * The feature to retain EFI boot-manager entries after firmware updates or
    NVRAM resets is available even on systems without (or with disabled) Secure
    Boot support.

Simultaneously, the following limitations apply:

  * shim.efi is always used in the boot process.

Secure boot on EFI machines can be disabled during installation by deactivating
the respective option on the installation settings screen under "Bootloader".

Rollback with Snapper on Btrfs

If an update fails or causes trouble, it is sometimes helpful to be able to go
back to the last working state.

Requirements to Create Atomic Snapshots

  * Root filesystem needs to be btrfs

  * Root filesystem needs to be on one device, including /usr

That is needed since snapshots need to be atomic, and that is not possible if
the data is stored on different partitions, devices, or subvolumes.

How to Do the Rollback

During boot, you can select an old snapshot. This snapshot will then be booted
in something like a read-only modus. All the snapshot data is read-only, all
other filesystems or btrfs subvolumes are in read-write mode and can be
modified. To make this snapshot the default for the next reboot and switch it
into a read-write mode, use "snapper rollback".

What Will Not Be Rolled Back

The following directories are excluded from rollback. This means that changes
below this subdirectory will not be reverted when an old snapshot is booted, in
order to not lose valuable data. On the other hand, this may prevent some
third-party services from starting correctly when booting from an old snapshot.

/boot/grub2/i386-pc (We cannot rollback bootloader)
/boot/grub2/x86_64-efi (We cannot rollback bootloader)
/boot/grub2/power-ieee1275 (We cannot rollback bootloader)
/home (if not already on an own partition)
/opt (Prevents rollback if addons or packages are installed there)
/srv (web services may not be functional after a rollback anymore)
/tmp
/usr/local
/var/crash
/var/log (services which move files and/or permissions may not be functional anymore after a rollback)
/var/mail (if not a symlink to /var/spool/mail)
/var/opt
/var/spool (services which move/convert files and/or permissions may not be functional anymore after rollback)
/var/tmp

Known Issues or Limitations

In general, roolback can result in inconsistencies between the data on the root
partition (which has been rolled back to an earlier state) and data on other
subvolumes or partitions. These inconsistencies may include the use of
different file paths, formats and permissions.

  * Add-ons and third party software installed in separate subvolumes or
    partitions, such as /opt, can be completly broken after a rollback of a
    Service Pack.

  * Newly created users will vanish from /etc/passwd during a rollback, but the
    data is still in /home , /var/spool , /var/log and similar directories. If
    a new user is created later, it may be given the same user id, making it
    the owner of these files. This can be a security and privacy problem.

  * If a package update changes permissions/ownership of files/directories
    inside of a subvolume (like /var/log , /srv , ...), the service may be
    broken after a rollback, because it is no longer able to write/access/read
    the files/data.

  * General: if there are subvolumes like /srv , containing a mix of code and
    data, rollback may lead to loss of data or broken/non-functional code.

  * General: if an update to a service introduces a new data format, rolling
    back to an old snapshot may render the service non-functional, if the older
    version is unable to handle the new data format.

  * Rollback of the boot loader is not possible, since all "stages" of the boot
    loader must match. However, as there is only one MBR (Master Boot Record)
    per disk, there cannot be different snapshots of the other stages.

Installing from a USB Flash Disk

The ISO installation images can be directly dumped to a USB device such as a
flash disk. This way you can install the system without the need of a DVD
drive.

Several tools for dumping are listed at http://en.opensuse.org/
SDB:Live_USB_stick .

UEFI Secure Boot

When booting the installer from the DVD product media on a secure boot enabled
system, the installation process is validated by the secure boot signature.

For more information about UEFI and secure boot, see the Administration Guide .

Upgrade-Related Notes

This section includes upgrade-related information for this release.

VMware Does Not Support Migrating from SUSE Linux Enterprise Server 11 to 12

VMware does not support the installation of major update releases on an
operating system as an upgrade in a virtual machine, such as Windows 7 to
Windows 8 or RHEL 5.x to RHEL 6.0. VMware recommends the installation of a new
major releases in a new virtual machine. The same applies to updates from SUSE
Linux Enterprise 11 to 12. See http://kb.vmware.com/kb/2018695 for reference.

Therefore SUSE will not recommend or support the migration between major
versions of SUSE Linux Enterprise as the guest OS on VMware either.

In case you still would like to perform such a migration?although unsupported?,
we suggest the following steps:

 1. Before starting the migration, run the special VMware uninstall script /usr
    /bin/vmware-uninstall-tools.pl .

 2. Perform the migration.

After the migration install the package open-vm-tools manually.

File System Layout

For general information about the file system layout, see the Administration
Guide, Chapter Snapper.

Additional Information

/run/media/<user_name> is now used as top directory for removable media mount
points. It replaces /media , which is not longer available.

dhcpcd Replaced by wicked and dhcp-client

dhcpcd package was replaced by wicked and dhcp-client packages.

/tmp Cleanup from sysconfig Automatically Migrated into systemd Configuration

By default, systemd cleans tmp directories daily, and systemd does not honor
sysconfig settings in /etc/sysconfig/cron such as TMP_DIRS_TO_CLEAR. Thus it is
needed to transform sysconfig settings to avoid potential data loss or unwanted
misbehavior.

When updating to SLE 12, the variables in /etc/sysconfig/cron will be
automatically migrated into an appropriate systemd configuration (see /etc/
tmpfiles.d/tmp.conf ). The following variable are affected:

MAX_DAYS_IN_TMP
MAX_DAYS_IN_LONG_TMP
TMP_DIRS_TO_CLEAR
LONG_TMP_DIRS_TO_CLEAR
CLEAR_TMP_DIRS_AT_BOOTUP
OWNER_TO_KEEP_IN_TMP

Migrating to SUSE Linux Enterprise 12

Migration is supported from SUSE Linux Enterprise 11 SP3 (or higher) using the
following methods:

  * Booting from an installation medium (ISO image)

  * Automated migration from SLE 11 SP3 to 12

For more information, see the Deployment Guide comming with SUSE Linux
Enterprise.

For More Information

For more information, see the section called ?Infrastructure, Package and
Architecture Specific Information?.

Infrastructure, Package and Architecture Specific Information

Architecture Independent Information

Kernel

Ext4: Experimental Features

Ext4 has some features that are under development and still experimental. Thus,
using these features poses a significant risk to data. To clearly indicate such
features, the Ext4 driver in SUSE Linux Enterprise 12 refuses to mount (or
mount read-write) file systems with such features. To mount such file systems
set the allow_unsupported module parameter (either when loading the module or
via /sys/module/ext4/parameters/allow_unsupported ). However setting this
option will render your kernel, and thus your system unsupported.

Features which are treated this way are: bigalloc, metadata checksumming, and
journal checksumming.

Enabling Full Heap Randomization

[All architectures] CONFIG_COMPAT_BRK has been disabled to allow randomisation
of the start address of the userspace heap. This can break old binaries based
on libc5. To revert to the old behavior, set the kernel.randomize_va_space
sysctl to 2.

[x86_64 only] CONFIG_COMPAT_VDSO has been disabled to enforce randomization of
the VDSO address of 32bit binaries on x86_64. This can break 32bit binaries
using glibc older than 2.3.3. To revert to the old behavior, specify vdso=2 on
the kernel command line.

Format of the 'microcode' Field in /proc/cpuinfo Changed

Due to a missing backport, the SLE 11 SP3 kernel is displaying the microcode
revision in /proc/cpuinfo as a decimal number.

The SLE 12 kernel changed the format to a hexadecimal number. Now it is
compatible with the mainline kernel.

Preparation for Non-linear Memory Mapping Deprecation

Non-linear mappings are considered for deprecation in upstream as part of code
cleanup. Of course, the existing syscall API (remap_file_pages) will stay and
will be implemented as an emulation on top of regular mmap interface. To ensure
a stable kernel application binary interface (kABI) during SLE 12 lifetime,
SUSE is preparing this change. As a result, the first use of the syscall will
trigger a warning and the module source code will not compile without
modification. If your software encounters this condition, get in touch with
your SUSE contact to get support during migration.

Kernel Package Layout Changed

The kernel-default package now contains the kernel image and all supported
modules. The kernel-default-base package is thus not necessary in normal
setups. Also, all the debugging symbols are packaged in the
kernel-default-debuginfo package.

Do not attempt to install the kernel-default-base package unless building a
minimal system. When using utilities like crash or systemtap , you only need to
install the kernel-default-debuginfo package. The
kernel-default-devel-debuginfo package is no longer needed and does not exist.

zone_reclaim_mode Autotuning

zone_reclaim_mode was enabled automatically if distance between any two NUMA
nodes is higher than RECLAIM_DISTANCE (which is 30 by for x86_64). This auto
tuning has led to many issues in the past and we expect it to cause even more
of them in the future as NUMA machines are more widespread.

Now auto-tuning is not active anymore. In sysctl.conf you can enable it for
those loads that need NUMA locality.

Initrd File Compression Format

By default, the initrd file is now compressed with:

xz -0 --check=crc32 --memlimit-compress=50%

Previsously, it was compressed with gzip.

Blacklisting iTCO_wdt in toshiba-aipsvcp

If iTCO_wdt driver is enabeld, the sensor driver shows that the service
processor is reporting a constant temperature in spite of heavy CPU load or the
CPU fan is stopped.

To disable the Intel watchdog functionality, we blacklist the iTCO_wdt driver
for SLES, SLED, and SLEPOS installations.

Removing the sync_supers Kernel Thread

The 'sync_supers' kernel thread will periodically wake-= up and synchronize all
dirty superblocks for all the mounted file systems. It makes the system's sleep
time shorter, and forces the CPU to leave the low power state every 5 seconds.

This kernel thread is gone and now each file system manages its own superblock
in a smart way without waking up the system unnecessarily.

Scaling of Dumps to Support 16S/24TB System

Both kexec-tools and the kernel are updated to support crashkernel sizes larger
than 896MB and crashkernels that load above 4GB.

SDIO 3.0 Support

Linux Kernel version 3.3 started supporting SD/SDIO version 3.0 that provides
faster read/write speed and enhanced security.

A SDIO (Secure Digital Input Output) card is an extension of the SD
specification to cover I/O functions.

Host devices that support SDIO can use the SD slot to support Wi-Fi, Bluetooth,
Ethernet, IrDA, etc.

SDIO 3.0 cards and hosts add support for UHS-I bus speed mode, which can be as
fast as 104MB/s.

Kernel Modules

An important requirement for every Enterprise operating system is the level of
support a customer receives for his environment. Kernel modules are the most
relevant connector between hardware ("controllers") and the operating system.

For more information about the handling of kernel modules, see the SUSE Linux
Enterprise Administration Guide.

Netfilter TEE Kernel Module

The netfilter TEE kernel module is now part of the standard kernel.

Security

Installing CA Certificates

For legacy reasons, /etc/ssl/certs may only contain CA certificates in PEM
format. Because this format does not transport usage information /etc/ssl/certs
may only contain CA certificates that are intended for server authentication.

OpenSSL understands a different format that transports the usage information,
therefore OpenSSL internally uses a different location, which contains
certificates of all kinds of usage type ( /var/lib/ca-certificates/openssl ).
If you put a certificate in plain PEM format in /etc/pki/trust/anchors/ and
call update-ca-certificates it should end up in both /var/lib/ca-certificates/
pem (i.e., /etc/ssl/certs ) and /var/lib/ca-certificates/openssl [as well as
other locations like the cert bundle or the Java keyring].

X.Org: fbdev Used in UEFI Secure Boot Mode (ASpeed Chipset)

The unaccelerated fbdev driver is used as a fallback in UEFI secure boot mode
with the AST KMS driver, EFI VGA, and other currently unknown framebuffer
drivers.

Linux Filesystem Capabilities

Our kernel is compiled with support for Linux Filesystem Capabilities. Since
SLE 12, it is enabled by default.

Disable it by adding file_caps=0 as a kernel boot option.

Basic Linux-Integrity Enablement (IMA, IMA-Appraisal, EVM)

IMA, IMA-appraisal, and EVM are configured in SLES-12, but not enabled by
default as additional configuration is required (for example enabling TPM,
labeling the filesystem).

IMA can be used to attest a system's runtime integrity. IMA measurements are
enabled with the boot parameter 'ima_tcb'. This starts a builtin policy which
measures all regular files that are executed or read by a process with root
uid. The builtin policy can be replaced with a system customized policy, for
more information, refer to https://www.kernel.org/doc/Documentation/ABI/testing
/ima_policy .

In order to enforce local file integrity, the filesystem is labeled with good
measurements (eg. hash, signature). IMA-appraisal verifies the current
measurement of a file matches the good value. If the values do not match,
access is denied to the file. For more information on creating public/private
keys used for signing files, loading the public key on the IMA keyring, and
labeling the filesystem, refer to http://sourceforge.net/p/linux-ima/wiki/Home/
#ima-appraisal and http://sourceforge.net/p/linux-ima/wiki/Home/#dracut .

EVM protects integrity sensitive inode metadata against offline attack. For
more information on creating trusted/encrypted keys and loading the EVM
keyring, refer to http://sourceforge.net/p/linux-ima/wiki/Home/#enabling-evm
and http://sourceforge.net/p/linux-ima/wiki/Home/#dracut .

OpenSSH FIPS Usage

The OpenSSH implementation included in SUSE Linux Enterprise 12 is currently
undergoing FIPS evaluation.

At this time, the certification is not finished. For more information, see the
SUSE press announcements page where we will publish a press release after the
certification is done.

To operate in FIPS mode, the openssh-fips RPM package must be additionaly
installed on the system. This package provides checksums for integrity checking
of the openssh package.

Also, 1024 bits DSA keys are not allowed and should be disabled as they will
not work.

Trusted and Encrypted Keys

Trusted and Encrypted Keys are now built-in to support EVM. More information
can be found here https://www.kernel.org/doc/Documentation/security/
keys-trusted-encrypted.txt .

Change of Default Locations for Root Certificates

Using /etc/ssl/certs or even a single bundle file to store SSL root
certificates makes it impossible to separate package and administrator provided
files. Package updates would therefore either not actually update the
certificate store or overwrite administrator changes.

A new location is now used to store trusted certificates:

  * /usr/share/pki/trust/anchors/ and /etc/pki/trust/anchors/ for the root CA
    certificates

  * /usr/share/pki/trist/blacklist/ and /etc/pki/trust/blacklist/ for
    blacklisted certificates

A helper tool called "update-ca-certificates" is used to propagate the content
of those directories to the certificate stores used by openssl, gnutls, and
openjdk.

/etc/ssl/certs links to an implemention specific location managed by p11-kit.
It must not be used by the admin anymore.

Administrators must put local CA certificates into /etc/pki/trust/anchors/
instead and run the update-ca-certificates tool to propagate the certificates
to the various certificate stores.

Turn off Default Compression in OpenSSL

With SLES 11 SP1, OpenSSL compresses data before encryption with impact on
throughput (down) and CPU load (up) on platforms with cryptographic hardware.
Starting with SLES 11 SP2 the behavior is adjustable by the environment
variable OPENSSL_NO_DEFAULT_ZLIB depending on customer requirements.

By default, compression in OpenSSL is now turned off.

Set OPENSSL_NO_DEFAULT_ZLIB per application or in a global configuration file.

Increased dmesg Restrictions

dmesg was providing all kinds of system internal information to any users. It
includes kernel addresses, crashes of services, and similar things that could
be used by local attackers.

The use of dmesg is now restricted to the root user.

Increased Key Lengths for the SSH Service

Cryptographic advances and evaluations strongly suggest no longer to use key
smaller than 2048 bit length. This is codified in various standards, for
example NIST SP 800-131A or BSI TR-02102.

SSH was updated to generate RSA keys with at least 2048 bits key length and
Elliptic Curve DSA keys of at least 256 bit key length.

The DSA keysize should also be incremented, but due to portability issues 1024
bit are still allowed. We recommend not to use or generate DSA keys, or try to
use 2048 or larger keys, but watch for interoperability issues.

cURL Now Provides SFTP and SCP Protocols

Customers were missing support of the encrypted "SFTP" and "SCP" (SSH based)
file transfer protocols in the cURL library.

The SFTP and SCP protocols have been enabled in the cURL libary.

GSSAPIKeyExchange in OpenSSH

Since SLES 11 SP3, the GSSAPIKeyExchange mechanism (RFC 4462) is supported.
This directive specifies how host keys are exchanged. For more information, see
the SLES Security Guide , Network Authentication with Kerberos .

Restricting Access to Removable Media

Use udisks2 to restrict access to removable media. For more information, see
the Security and Hardening Guide .

seccheck: Autologout Functionality

The seccheck package comes with a shell script that allows configuring
autologout functionality. For more information, install the seccheck package
and see the help output:

/usr/lib/secchk/autologout.sh --help

Note: The autologout cron job is disabled by default. To enable the
functionality, uncomment the cron job line.

Networking

Remote Login with XDMCP

Depending on your XDMCP client, the following configurations are supported:

  * If GLX is available from your X client (such as Xephyr), the default
    settings for the display manager (gdm) and for the window manager (GNOME3/
    sle-classic) should be used.

  * If GLX is not available from your X client to connect to the XDMCP server
    (such as XNest), XDM as the display manager should be used ( DISPLAYMANAGER
    ="xdm" in /etc/sysconfig/displaymanager ) and icewm should be used as the
    window manager ( DEFAULT_WM="icewm" in /etc/sysconfig/windowmanager ).

If both Xephyr and Xnest are available as the X client, Xephyr is the preferred
client to use.

How to enable the wicked "nanny" framework

Within the wicked family of tools, the nanny daemon is a policy engine that is
responsible for asynchronous or unsolicited scenarios such as hotplugging
devices.

The nanny framework is not enabled by default in SUSE Linux Enterprise 12. To
enable it either temporarily specify "nanny=1" on the boot prompt or activate
it in /etc/wicked/common.xml :

<config>
...
<use-nanny>true</use-nanny>
<config>

After a change at runtime, restart the network:

systemctl restart wickedd.service
wicked ifup all

For more information, see the SUSE Linux Enterprise Admin Guide , Section The
wicked Network Configuration .

The cachefilesd User-space Daemon

The cachefilesd has been included with a SLE 11 SP2 maintenance update.

The cachefilesd user-space daemon manages persistent disk-based caching of
files that are used by network file systems such as NFS. cachefilesd can help
with reducing the load on the network and on the server because some of the
network file access requests get served by the local cache.

PCI multifunction device support LAN, ISCSI and FCoE

see bnc #841170 initial description and detailed info esp. in comment #1

YaST FCoE client ( yast2 fcoe-client ) is enhanced to show the private flags in
additional columns to allow the user to select the device meant for FCoE. YaST
network module ( yast2 lan ) excludes storage only devices for network
configuration. Underlying tool hwinfo reads private flags from device and
provides info for YaST.

Passing Options to /etc/resolv.conf

With NETCONFIG_DNS_RESOLVER_OPTIONS in /etc/sysconfig/network/config you can
specify arbitrary options that netconfig will write to /etc/resolv.conf .

For more information about available options, see the resolv.conf man page.

IP-over-InfiniBand (IPoIB) Mode Configuration

When creating or editing a configuration for an IPoIB device via yast2-network
( YaST Control Center > Network Settings ) it is possible to select its mode.
The device's ifcfg is updated accordingly.

Systems Management

New XFS On-disk Format

SUSE Linux Enterprise 12 supports the new on-disk format (v5) of the XFS file
system. XFS file systems created by YaST will use this new format. The main
advantages of this format are automatic checksumming of all XFS metadata, file
type support, and support for a larger number of access control lists for a
file.

Caveat: Pre SLE 12 kernels, xfsprogs before version 3.2.0, and the grub2
bootloader before the one released in SLE 12 do not understand the new file
system format and thus refuse to work with it. This can be problematic if the
file system should also be used from older or other distribution.

If you require interoperability of the XFS file system with older or other
distributions, format the filesystem manually using the mkfs.xfs command. That
will create a filesystem in the old format unless you use the "-m crc=1"
option.

Support for Web Services for Management (WS Management)

The WS-Management protocol is supported via Openwsman, providing client (
wsmancli package) and server ( openwsman-server package) implementations.

Openwsman, by using the WS-Management standard, can interface to:

  * winrm (Microsoft Windows)

  * vPro/iAMT (Intel)

  * iDRAC (Dell)

  * VMware ESX/ESXi, vCenter, vSphere (VMware API)

  * Cisco UCS (Cisco)

Extended Built-in Management Infrastructure

SUSE Linux Enterprise Server provides CIM/WBEM enablement with the SFCB CIMOM.
The following CIM providers are available:

  * cmpi-pywbem-base

  * cmpi-pywbem-power-management (DSP1027)

  * libvirt-cim (DSP1041, DSP1043, DSP1045, DSP1057, DSP1059, DSP1076, DSP1081)

  * openlmi-account

  * openlmi-fan

  * openlmi-hardware

  * openlmi-journald

  * openlmi-logicalfile

  * openlmi-pcp

  * openlmi-powermanagement

  * openlmi-python-base

  * openlmi-python-providers

  * openlmi-realmd

  * openlmi-service

  * openlmi-software

  * sblim-cmpi-base

  * sblim-cmpi-dhcp

  * sblim-cmpi-ethport_profile (DSP1014)

  * sblim-cmpi-fsvol

  * sblim-cmpi-network

  * sblim-cmpi-nfsv3

  * sblim-cmpi-nfsv4

  * sblim-cmpi-sysfs

  * sblim-gather-provider

  * sblim-cmpi-dns

  * sblim-cmpi-samba

  * sblim-cmpi-smbios

Only reading of management information is supported for the 'openlmi'
providers.

Read-Only Root File System

It is possible to run SUSE Linux Enterprise 12 on a shared read-only root file
system. A read-only root setup consists of the read-only root file system, a
scratch and a state file system. The /etc/rwtab file defines, which files and
directories on the read-only root file system are replaced with which files on
the state and scratch file systems for each system instance.

The readonlyroot kernel command line option enables read-only root mode; the
state= and scratch= kernel command line options determine the devices, on which
the state and scratch file systems are located.

In order to set up a system with a read-only root file system, set up a scratch
file system, set up a file system to use for storing persistent per-instance
state, adjust /etc/rwtab as needed, add the appropriate kernel command line
options to your boot loader configuration, replace /etc/mtab with a symlink to
/proc/mounts as described below, and (re)boot the system.

Replace /etc/mtab with the appropriate symbolic links:

ln -sf /proc/mounts /etc/mtab

See the rwtab(5) manual page for more information and http://
www.redbooks.ibm.com/abstracts/redp4322.html for limitations on System z.

Systemd Daemon

SLE12 has moved to Systemd, a new way of managing services. For more
information, see the SUSE Linux Enterprise Admin Guide , Section The Systemd
Daemon .

Precision Time Protocol Version 2 Support

Time synchronization with microsecond precision across a group of hosts in a
data center is challenging to achieve without extra hardware.

Support for Precision Time Protocol version 2 leveraging the new time
synchronizaton feature of modern network interface cards has been included in
SUSE Linux Enterprise Server 12. For taking advantage of the precise time
synchronization install the new linuxptp package and refer to the documentation
in the /usr/share/doc/packages/linuxptp directory.

schedtool: Replaced by chrt

schedtool has been replaced by chrt , which is part of the standard util-linux
package. chrt also handles all scheduler classes.

Note, chrt requires a priority to be provided for all normal scheduling classes
as well as realtime classes. For example, to set your shell to SCHED_FIFO
priority 1, enter:

chrt -p -f 1 $$

To set it back to SCHED_OTHER:

chrt -p -o 0 $$

'0' is the only valid (and required) priority for SCHED_OTHER, SCHED_BATCH, and
SCHED_IDLE classes, priorities 1-99 are realtime priorities.

Exporting NFSv4 Shares

On SUSE Linux Enterprise 11, the bind mount in /etc/exports was mandatory. It
is still supported, but now deprecated.

Configuring directories for export with NFSv4 is now the same as with NFSv3.

Intel AMT (Active Management Technology) Support

Intel AMT (Active Management Technology) is hardware-based technology for
remotely managing and securing PCs out-of-band.

Intel MEI (Management Engine Interface) is a driver in Linux kernel, it allows
applications to access the Intel ME (Management Engine) FW via the host
interface; and the MEI driver is used by the AMT Local Manageability Service
(LMS).

Systemd: Restarting Services

Systemd can restart services if they crash. Where appropriate, Restart=on-abort
is set in the services files.

Configuring macvlan Interfaces

For configuring macvlan interface, see the ifcfg-macvlan(5) man page.

Configure Usage of Delta RPMs

To change the usage of delta RPMs during the update it was needed to edit /etc/
zypp/zypp.conf and set download.use_deltarpm to 'false'.

In the YaST Online Update Configuration dialog you can now activate delta RPMs
usage by checking Use delta rpms . This setting will change the configuration
file in the background.

SuSEconfig.permissions Replaced by chkstat

It is no longer possible to set file permissions with SuSEconfig --module
permissions .

If you want to set the file permissions as defined in /etc/permissions.* , run

chkstat --system

Performance Related Information

Enabling VEBOX on Haswell in the drm/i915 Kernel Driver

Linux Cloud Video Transcode is an Intel GEN based hardware solution to support
high quality and performance video transcoding on a server. With enabling VEBOX
on Haswell for some video pre and post process features like DN/ADI SUSE Linux
Enterprise features improved transcode quality.

NFS Tuning

On systems with a high NFS load, connections may block.

To work around such performance regressions with NFSv4, you could open more
than one TCP connection to the same physical host. This could be accomplished
with the following mount options:

To request that the transport is not shared use

mount -o sharetransport=N server:/path /mountpoint

Where N is unique. If N is different for two mounts, they will not share the
transport. If N is the same, they might (if they are for the same server, etc).

Performance and Scaling Improvements to Support 16S/24TB Systems

Currently, reading /proc/vmcore is done by read_oldmem that uses ioremap/
iounmap per a single page. For example, if memory is 1GB, ioremap/iounmap is
called 1GB / 4KB times, that is 262144 times. This causes big performance
degradation due to repeated page table changes, TLB flush, and build-up of VM
related objects.

To address the issue, SLES does the following:

  * Applying mmap on /proc/vmcore to improve read performance under
    sufficiently large mapping size.

  * Reducing the number of TLB flush by large mapping size.

  * Both mem_map for dump filtering and page frames are consecutive data.

  * No copying from kernel space to user space

The current main user of this mmap call is makedumpfile, which not only reads
memory from /proc/vmcore but also does processing like filtering, compression,
and I/O work.

Linux Paging Improvements

High swapping activity on Linux system, for example when triggering a file
system backup, although the SAP applications are sized to completely fit into
the system's main memory. This results in bad response times on the application
level.

SLES allows the system administrator to limit the amount of page cache that the
kernel uses if there is competition between application memory and page cache.
Once the page cache is filled to the configured limit, application memory is
more important and should not be paged out.

Two new Linux kernel tunables have been introduced:

  * vm.pagecache_limit_mb (/proc/sys/vm/pagecache_limit_mb)

  * vm.pagecache_limit_ignore_dirty (/proc/sys/vm/pagecache_limit_ignore_dirty)

No pages will be paged out if the memory footprint of the workload plus the
configured page cache limit do not exceed the amount of physical RAM in the
system. If paging needs to occur, the Linux kernel will still favor to keep
application memory over page cache unless we are below the page cache limit.

If there is plenty of free memory, the kernel will continue to use it as page
cache in order to speed up file system operations.

Storage

Mounting NFS Volumes Locally on the Exporting Server

With SUSE Linux Enterprise 12, it is now possible to mount NFS volumes locally
on the exporting server.

/dev/disk/by-path/ Links for virtio Disks No Longer Available

Because virtio numbers are not stable, by-path links for virtio disks are no
longer available. These names are not persistent.

Support for the Btrfs File System

Btrfs is a copy-on-write (CoW) general purpose file system. Based on the CoW
functionality, Btrfs provides snapshoting. Beyond that data and metadata
checksums improve the reliability of the file system. Btrfs is highly scalable,
but also supports online shrinking to adopt to real-life environments. On
appropriate storage devices Btrfs also supports the TRIM command.

Support

With SUSE Linux Enterprise 12, Btrfs is the default file system for the
operating system, xfs is the default for all other use cases. We also continue
to support the Ext-family of file systems, Reiserfs and ocfs2. Each file system
offers disctinct advantages. Customers are advised to use the YaST partitioner
(or AutoYaST) to build their systems: YaST will prepare the Btrfs file system
for use with subvolumes and snapshots. Snapshots will be automatically enabled
for the root file system using SUSE's snapper infrastructure. For more
information about snapper, its integration into ZYpp and YaST, and the YaST
snapper module, see the SUSE Linux Enterprise documentation.

Migration from "Ext" and Reisefs File Systems to Btrfs

Migration from existing "Ext" file systems (Ext2, Ext3, ext4) and Reiserfs is
supported "offline" and "in place", if the original filesystem has been created
with a 4k block size (this is the case for most file systems on the x86-64 and
System z architectures). Calling "btrfs-convert <device>" will convert the file
system. This is an offline process, which needs at least 15% free space on the
device, but is applied in place. Roll back: calling "btrfs-convert -r <device>"
will roll back. Caveat: when rolling back, all data will be lost that has been
added after the conversion into Btrfs; in other words: the roll back is
complete, not partial.

RAID

Btrfs is supported on top of MD (multiple devices) and DM (device mapper)
configurations. Use the YaST partitioner to achieve a proper setup. Multivolume
Btrfs is supported in RAID0, RAID1, and RAID10 profiles in SUSE Linux
Enterprise 12, higher RAID levels are not yet supported, but might be enabled
with a future service pack.

SWAP files

Using swap files on top of Btrfs is not supported. In general, we are advising
to use partitions for swapping, and not swap files on top of any file system
for performance reasons.

Future Plans

  * Compression functionality for Btrfs is currently under development and will
    be supported once the development has matured.

  * We are commited to actively work on the Btrfs file system with the
    community, and we keep customers and partners informed about progress and
    experience in terms of scalability and performance. This may also apply to
    cloud and cloud storage infrastructures.

Filesystem Maintenance, Online Check, and Repair Functionality

Check and repair functionality ("scrub") is available as part of the Btrfs
command line tools. "Scrub" is aimed to verify data and metadata assuming the
tree structures are fine. "Scrub" can (and should) be run periodically on a
mounted file system: it runs as a background process during normal operation.

We recommend to apply regular "maintenance" to the Brtfs file system to
optimize performance and disk usage. Specifically we recommend to "balance" and
"defrag" the file system on a regular basis. Check the "btrfs-maintenance"
package and see the SUSE Linux Enterprise documentation for more information.

Capacity Planning

If you are planning to use Btrfs with its snapshot capability, it is advisable
to reserve twice as much disk space than the standard storage proposal. This is
automatically done by the YaST2 partitioner for the root file system.

Backward compatibility - Hard Link Limitation

Previous products had a limitation on low hard link count per file in a
directory. This has been fixed and is 65535 now. It requires a file system
created with "-O extref", which is done by default. Caveat: Such a file system
might not be mountable on older products.

Backward compatibility - Enhanced metadata

The file systems are by default created with a more space efficient format of
metadata, the feature is called "skinny-metadata" for mkfs. Caveat: Such a file
system will not be mountable on previous products.

Backward compatibility - metadata block size is 16k

The default metadata block size has changed to 16 kilobytes, reducing metadata
fragmentation. Caveat: Such a file system will not be mountable on older
products.

Other Limitations

At the moment, Btrfs is not supported as a seed device.

For More Information

For more information about Btrfs, see the SUSE Linux Enterprise documentation.

Default File System

With SUSE Linux Enterprise 12, the default file system in new installations was
changed from Ext3 to Btrfs for the root system partition. XFS is the default
file system for the /home partition and other data partitions.

In the expert partitioner, the default file system is Btrfs. The user can
change it if another file system is more suitable to accomplish the intended
work load.

POWER Architecture

On POWER, the pagesize is 64K. Due to the assumption made by Btrfs regarding
data blocksize (i.e. data blocksize being equal to the page size), a Btrfs
installation on POWER will use a blocksize of 64K. This means that a Btrfs
created on x86 will not be mountable and readable via Btrfs on POWER, and vice
versa.

If data sharing in mixed architecture environments is a major concern, make
sure to use XFS on POWER for data partitions.

Data Deduplication Support with Btrfs

Identical data should not be stored more then once to save storage space.

SUSE Linux Enterprise supports the data deduplication feature of the Btrfs file
system. To achieve the deduplication it replaces identical contents (blocks)
with logical links to a single copy of the block in a common storage location.

The deduplication is performed out-of-band (also called post-process or
offline) using a specialized tool.

a PV command to display the PE's in use by LVs

The command looks like: pvs -o vg_name,lv_name,pv_name,seg_pe_ranges VG LV PV
PE Ranges /dev/sdb5 /dev/sdb6 /dev/sdb7 /dev/sdb8 system root /dev/xvda2 /dev/
xvda2:0-1782 system swap /dev/xvda2 /dev/xvda2:1783-200

GRUB2 and GUID Partition Table (GPT) Disks

GRUB2 offers support for PReP partitions on GUID Partition Table (GPT) disks.

Meaningful names for "md" RAID devices.

Names for "md" RAID devices, particularly as they appear in /proc/mdstat,
traditionally have numeric names like "md4". Working with these names can be
clumsy.

In SLE-12 the option is available to use textual names. Adding the line CREATE
names=yes to /etc/mdadm.conf will cause names like md_home to be used in place
of e.g. md127 if a name was given when creating the array. This will likely be
enabled by default in future releases of SLE.

Btrfs: Parameter to Enable Unsupported Features

Btrfs has a number of features that for reasons of instability or immaturity
SUSE chooses not to support in the enterprise releases. In order to avoid
undesired failures, we can disable those features in the code.

The module parameter to enable unsupported features is called
allow_unsupported.

To test out those unsupported features, you can enable them optionally with a
module flag ( allow_unsupported=1 ) that also taints the module as unsupported.
Alternatively, the same can be achieved by writing 1 to the module parameter
exported in /sys/module/btrfs/parameters .

Denied mount:

  * inode_cache

  * autodefrag

  * Compression

  * Seeding Device

Runtime operations that will be denied:

  * Fallocate and Hole Punch

  * Receive

  * Send (NO_FILE_DATA mode is allowed)

  * Device Replace

An attempt to mount or use a disallowed ioctl fails with an 'operation not
supported' error code and prints a message into the syslog regarding the
supportability and that allow_unsupported=1 would allow that.

Status of ReiserFS

The reiserfs file system was fully supported for the lifetime of SLES 11
specifically for migration purposes.

With SLES 12, reiserfs is still fully supported for use but support for
creating new reiserfs file systems has been removed from YaST.

Virtualization

Virtual Machine Driver Pack 2.2

SUSE Linux Enterprise Virtual Machine Driver Pack is a set of paravirtualized
device drivers for Microsoft Windows operating systems. These drivers improve
the performance of unmodified Windows guest operating systems that are run in
virtual environments created using Xen or KVM hypervisors with SUSE Linux
Enterprise Server 10 SP4, SUSE Linux Enterprise Server 11 SP3 and SUSE Linux
Enterprise Server 12. Paravirtualized device drivers are installed in virtual
machine instances of operating systems and represent hardware and functionality
similar to the underlying physical hardware used by the system virtualization
software layer.

SUSE Linux Enterprise Virtual Machine Driver Pack 2.2 new features include:

  * Support for SUSE Linux Enterprise Server 12

  * Support for new Microsoft Windows operating systems: Windows Server 2012 R2
    and Windows 8.1

  * Support for virtual to virtual migration (moving guest from Xen to KVM)

  * Windows Guest Agent for better host to guest communication

For more information on VMDP2.2 refer to the official documentation.

KVM

KVM: support new Intel instruction

With this new Intel processor, some new instructions are available:

Floating-Point Fused Multiply-Add to reduced the latency for Floating-Point
Addition. The 256-bit Integer vectors which can be useful in scientific
computations or other numerically intensive applications. The big-endian move
instruction (MOVBE) adds a big-endian move instruction (MOVBE) that can convert
to and from traditional x86 little-endian format. The HLE/HLE+ (Hardware Lock
Elision) provides a legacy compatible instruction set interface for
transactional execution.

Paravirtualization Random Number Generators

Virtual appliances need a good source of entropy, for instance when generating
key material during installation. Without any physical source of entropy (like
disk interrupts) such operations may take a rather long time. One way to
improve the situation in the future may be to include PV drivers that expose
hardware RNGs to the guest, such as virtio-rng .

This feature is available since SLE 11 SP2.

KVM: Support of pvpanic device

pvpanic is a paravirtualized device for reporting guest panic events to
management tools. By default pvpanic is disabled, add the flag -device pvpanic
to enable it.

KVM: Bio-based I/O Path for virtio-blk

A bio-based I/O path for virtio-blk is available, which improves I/O
performance for a VM which is using a high-speed device such as an SSD.

Containment of error when an SR-IOV device encounters an error

If an SR-IOV device encounters an error and if any of the VFs belonging to the
SR-IOV device is assigned to a guest(s), the affected guest(s) are brought down
without impacting any other running guests or the host.

KVM: Include Support for Multi-queue Networking

Multi-queue networking (VMDq, Netqueue, etc.) in a hypervisor environment
improves performance for 10G Ethernet and higher.

KVM: CPU Scheduling and Spinlock Improvements

VCPU Scheduling Improvements: Implement changes to improve the performance of
workloads in a virtualized environment (KVM) by addressing current
inefficiencies in the scheduling of vCPUs.

KVM NUMA Home Noding Performance Improvements

NUMA Home noding: Optimize the locality of CPU and memory across NUMA nodes for
better performance.

QEMU Sandboxing with seccomp

Support will be provided to limit QEMU to only the system calls that it
requires. New seccomp Kernel functionality is intended to be used to declare
the whitelisted syscalls and syscall parameters. This will limit QEMU's syscall
footprint, and therefore the potential Kernel attack surface. The idea is that
if an attacker were to execute abitrary code, they would only be able to use
the whitelisted syscalls.

QEMU TPM Passthrough

TPM passthrough provides QEMU a means to allocate a host TPM device to a guest.
The host device passed to a guest must be used exclusively by the guest to
which it is allocated. Either a physical TPM or a software TPM routed through
the host kernel via CUSE may be used as the host TPM device.

Following is an example domain XML fragment to specify use of TPM passthrough.

<devices>
  <tpm model='tpm-tis'>
    <backend type='passthrough'>
      <device path='/dev/tpm0' />
    </backend>
  </tpm>
</devices>

Where:

  * model is the host TPM model; defaults to 'tpm-tis'

  * backend is the backend device type; must be 'passthrough'

  * path is the path to the host TPM device; defaults to /dev/tpm0

This feature is disabled by default. For more information refer to http://
wiki.qemu.org/Features/TPM

KVM: Multiple TX Queue Support in macvtap/virtio-net (DCN)

This allows a single guest to transmit multiple flows of network data using
multiple CPUs simultaneously via multiple TX queues in virtio-net/vhost-net/
macvtap.

Qemu guest agent support

The guest agent ( qemu-ga ) allows programs on the VM Host Server to directly
communicate with a VM Guest via an emulated or paravirtualized serial console.

KVM: support for vfio

The SLE12 kernel provides a new method of accessing PCI devices from userspace
called vfio. The VFIO driver is an IOMMU/device agnostic framework for exposing
direct device access to userspace, in a secure, IOMMU protected environment.
This new access method to PCI devices will be used by default using libvirt
framework.

KVM: Virtual CPU (vCPU) hot add support

To be able to more efficient for adjusting the workload's demands on running
guest, KVM is now able to hot add Virtual CPUs (vCPUs) on a running virtual
machine.

XEN

Importing SLES 11 Managed Domains from xend to libvirt

The new xen2libvirt tool provides an easy way to import domains managed by the
deprecated xm/xend toolstack into the new libvirt/libxl toolstack. Several
domains can be imported at once using its --recursive mode.

XEN Migration from xend/xm to xl/libxl

For more information about the migration from xend/xm to xl/libxl , see the 
Virtualization Guide .

XEN: Pygrub Improvement

The pygrub command is used to boot a virtual Xen machine according to a certain
menu.lst entry. Since SLES 11 SP3 pygrub accepts the new flag [-l|
--list_entries] to show GRUB entries in the guest.

libvirt

Libvirt Integrated Linux Containers

Since SUSE Linux Enterprise Server 12, LXC is integrated into the libvirt
library. This decision has several advantages over using LXC as a separate
virtualization solution. The extra LXC component is obsolete now.

Discard Support for File Backed Storage

Guest block devices provided by files instead of physical storage did grow over
time, even if parts of it are unused. The guest file system had no way to
notify the back-end about unused blocks. As a result, the backing store
required more disk space than needed.

libxl and libvirt provide settings for file backed storage to handle discard
requests from KVM and Xen guests. Xen guests have discard support enabled per
default. For KVM guests discard must be enabled in the guest configuration
file.

In case the backing file was intentional created non-sparse the discard support
must be disabled to avoid fragmentation of the file. The xl domU.cfg syntax
looks like this:

'format=raw, no-discard, vdev=xvdm, target=/images/discard-off.raw'

For libvirt based guests, the option discard='ignore' must be added to the
devices driver part of the XML file.

Discard requires file system support. For local file systems, only xfs and ext4
support the hole punching feature. Remote storage such as NFS has no support
for discard , even if the backing store on the server would support it.

Host-Side VM Auditing Enhancements

libvirt now communicates with the Linux auditing subsystem on the host to issue
records for a number of VM operations. This enhancement allows administrative
users to collect a detailed audit trail of VM lifecycle events and resource
assignments. A new tool, auvirt, is available to conveniently search the Linux
audit trail for VM events.

Additional information on VM auditing is available in this article: Kvm libvirt
audit

libvirt: dynamic allocation of Virtual Functions (VFs)

Dynamic assignment from a pool of VFs will allow to utilize SR-IOV cards and VM
migration.

libvirt: Support DHCP Snooping and Dynamic ARP Inspection

Libvirt now support DHCP Snooping and Dynamic ARP Inspection to protect the
network from rogue DHCP servers and to drop packets with invalid IP/MAC
bindings to/from the guests.

libvirt: extend support for 802.1Qbg

Qbg enabled switches to perform better when migration VMs from one switch port
to another. Enhancement of Qemu/KVM guest migration to include hooks to
'de-associate or move to pre-associate' on source prior to suspend and restart
on target.

libvirt: extend support for lldpad synchronization

When the VSI information is modified in the switch, lldpad synchronization
keeps the VMs from losing network connectivity.

Others

Windows Server 2012 Hyper-V trouble

Currently it is not possible to boot a SLES 12 from a virtual DVD on a Windows
Server 2012 host using Hyper-v. For more information refer to: BNC#876640 .

Yast2-vm improvement

The new Yast2 virtualization tools allow you to install only selected
components for Xen, KVM or containers: the server part (hypervisor only), or/
and all tools needed to do administration of VM guests. The yast module name as
changed, the old named as changed to virtualization , so to launch from command
line use:

yast2 virtualization

Hyper-V: Time Synchronization

The system time of a guest will drift several seconds per day.

To maintain an accurate system time it is recommended to run ntpd in a guest.
The ntpd daemon can be configured with the YaST NTP Client module. In addition
to such a configuration, the following two variables must be set manually to
yes in /etc/sysconfig/ntp :

NTPD_FORCE_SYNC_ON_STARTUP="yes"
NTPD_FORCE_SYNC_HWCLOCK_ON_STARTUP="yes"

SLES as a Hyper-V Gen2 VM

Windows Server 2012 R2 will support Gen2 VMs. For more information, see http://
technet.microsoft.com/en-us/library/dn282285.aspx .

SLES 12 has been modified to provide full Gen2 VM support. Hyper-V Gen2
technology support: PXE boot by using a standard network adapter, boot from a
SCSI virtual hard disk, boot from a SCSI virtual DVD, secure Boot (enabled by
default), UEFI firmware support.

libguestFS

Libguestfs is a set of tools for accessing and modifying virtual machine disk
images. It can be used for many virtual image managements tasks such as viewing
and editing files inside guests (only Linux one are enable), scripting changes
to VMs, monitoring disk used/free statistics, performing partial backups, and
cloning VMs. See the SLE Virtualization Guide for more information and usage.

Hyper-V: Update Drivers

The updated drivers provide the following features:

  * A userland daemon to handle the file copy service is included.

  * The VMBUS driver utilizes all virtual CPUs (vCPUs) to communicate with the
    host, this will improve performance.

  * Support for Generation2 VMs is included. 'Secure Boot' must be disabled in
    the VM settings on the host side, otherwise the VM will not start.

  * Support for kdump and kexec when running on Windows Server 2012R2 is
    included.

  * The network driver was updated to remove the warning about outdated
    'Integration Services' that was shown in the Hyper-V Manager GUI.

virt-manager: Default to Launching virt-install

virt-install is now the default installer when the Create VM button is selected
in virt-manager. vm-install will still to be shipped on the media but will be
supported as a deprecated tool: bugs may be fixed, but no new features will be
added. For more information, see the SLE Virtualization Guide and respective
man pages.

open-vm-tools Now Included

In the past, it was necessary to install VMware tools separately, because they
had not been shipped with the distribution.

SUSE Linux Enterprise 12 includes the open-vm-tools package. These tools are
pre-selected when installing on a VMware platform.

Partnering with VMware, SUSE provides full support for these tools. For more
information, see "http://kb.vmware.com/kb/2073803 .

iproute2: Base Enablement for VXLAN Based Network Virtualization

Provides iproute2 extensions to configure VXLAN tunnel end points.

Kernel: Base Enablement for VXLAN Based Network Virtualization

Provides kernel changes to configure VXLAN tunnel end points.

lldpad: 802.1Qbg Support over Bonded Interface

Bonding interfaces allows the aggregation of bandwidth across multiple physical
links to a switch to take full advantage of the 802.1Qbg capabilities.

virt-manager virtfs details

virt-manager is more friendly: on the Details page of the created filesystem,
the value are now editable.

AMD64/Intel64 64-Bit (x86_64) Specific Information

Trackpoint or Pointing Stick Configuration

In the past, the default settings of trackpoint or pointing stick devices were
different on various machines, and thus the behavior of these devices was not
consistent.

These days people prefer to use the combination of trackpoint or pointing stick
and middle button for scrolling. This means pressing the middle button while
moving the trackpoint or pointing stick emulates a mouse wheel.

To make it work reliably, the following options are set by default:

EmulateWheel         = on
EmulateWheelButton   = 2
Emulate3Buttons      = on

Commenting these three options with the '#' character at the beginning of the
lines in /etc/X11/xorg.conf.d/11-evdev.conf will restore the upstream defaults
to have a real middle button and the scrollwheel emulation disabled again.

System and Vendor Specific Information

Installation on Native 4KiB Sector Drives (4kn) Supported with UEFI

For the last 20 years, hard disk with 512 byte sectors have been in use. Since
some years there are drives providing a 4KiB sector size internally, but
showing 512 byte sectors externally as a backward compatibility layer (512 byte
emulation / 512e). These devices are fully supported in SUSE Linux Enterprise.

The installation on native 4KiB sector drives (4kn) in x86_64 systems with UEFI
is supported, as is the use of 4 KiB sector drives as non-boot disks. Legacy
(non UEFI) installations on x86_64 systems are not supported on 4KiB drives for
technical reasons.

Support for New Intel Processors

SUSE Linux Enterprise Server 12 add support for the latest Intel processors,
Including

  * Intel Xeon processor E5-2600 v3 product family

  * Intel Xeon processor E5-1600 v3 product family

  * Intel Xeon processor E5-2400 v3 product family

  * Intel Xeon processor E5-4600 v3 product family

  * Intel Xeon processor E7-8800 v3 product family

  * Intel Xeon processor E7-4800 v3 product family

  * Intel Atom processor C2000 product family

RAS

Support of "Movable Memory" in NUMA Systems

Memory that exists since boot is always managed by the NUMA zone ZONE_NORMAL.
This memory has kernel memory, thus cannot be offlined, and subsequently cannot
be hot-removed. One solution for this issue is to gather kernel memory on a
special system board, and movable memory to other system boards.

To achieve this behaviour, use the kernel commandline option movable_node . If
this boot option is set, Linux checks the hot-pluggable bit of Memory Structure
Affinity in the ACPI SRAT Table; if this bit is enabled, the memory is managed
by ZONE_MOVABLE, and thus the other system boards can be hot-removed.

CAVEAT: this boot option may have significant performance impact. Workloads
that are very metadata intensive may not be able to use all memory because the
bulk of memory is ZONE_MOVABLE. They will either suffer severely degraded
performance or at the worst case, the OOM killer will fire. Similarly,
workloads that require large amounts of address space may fail because they
cannot allocate page tables. On NUMA machines, such workloads may still suffer
degraded performance because all their page table pages are allocated remote to
the workload.

Enabling the feature will also limit the availability of system memory for
certain features, eg. tmpfs may only be using memory from ZONE_NORMAL and
memory in ZONE_MOVABLE will be unavailable.

Summarizing, by enabling movable_node there is a trade-off between being able
to hot-remove a full memory node versus workload performance, amount of memory
that can be used and ability to even run a specific task. If you encounters one
of the trade-offs, the only sensible option is to disable node memory
hot-remove.

SUSE's Kernel team is working with the Linux community to find mitigations for
those limitations as a long term goal.

Allow the BIOS to Keep Control of Error Correction Reporting and Threshold

In theory, platform firmware has better knowledge of the appropriate thresholds
to use based on OEM knowledge of the failure rates of components in the
platform.

Firmware first mode for corrected errors

SLES 12 kernel supports firmware first mode for corrected errors allowing
firmware to take first control over memory error handling. Firmware then
notifies Linux through APEI once memory errors exceed a platform defined
threshold. On receipt of APEI notification, Linux immediately offlines pages
in-kernel isolating problematic memory resulting in improved system reliability
and uptime.

POWER (ppc64le) Specific Information

Remote Btrfs on POWER

Due to a dependency of BTRFS in determining the smallest blocksize usable on
the CPU architecture's page size, a Btrfs filesystem instance created on x86
(and other architectures with a different page size) will not be mountable and
readable via Btrfs on POWER.

Huge Page Memory Support on POWER

Huge Page Memory (16GB pages, enabled via HMC) is supported by the Linux
kernel, but special kernel parameters must be used to enable this support. Boot
with the parameters hugepagesz=16G hugepages=N in order to use the 16GB huge
pages, where N is the number of 16GB pages assigned to the partition via the
HMC. The number of 16GB huge pages available can not be changed once the
partition is booted

Inclusion of base IBM Power RAS tools

Systems may exhibit hardware or mircocode issue, which require inventory
collection of vital product data (VPD), platform error reporting and handling,
and responding to EPOW events to analize the root cause and to plan for the
right corrective response by service.

The basic POWER platform related tools and packages like ppc64-diag ,
servicelog , and lsvpd are included to provide allow for faster resolution.

IBM PowerLinux Development Tools Repository

TheIBM PowerLinux development tools repository provides quick access to the
latest IBM SDK and Advance Toolchain versions.

IBM PowerLinux DLPAR Tools Repository

The IBM PowerLinux DLPAR tools repository provides quick access to latest
service and productivity tools available from IBM.

mlx5 Driver Supports New Mellanox Connect-IB Adapter for Power

Support for Mellanox Connect-IB adapter for Power is available.

Make sure the Firmware level of the Connect-IB adapter is version 10.10.2000 or
greater.

Architecture Level Set (ALS): SLES 12 supports only POWER8 and greater
processors

Support of native Little-endian memory model

Support of Hardware Transaction Memory on POWER8 and later systems

Support of additonal PowerISA-2.07 instructions including: 128-bit atomic
memory update, enhanced vector crypto (AES, GCM, SHA) and check-sum operations,
enhanced vector integer operations for 32, 64, 128-bits, and enhanced Vector
Scalar capability with single precision float from 32 to 64 scalar float
registers.

Kernel CPUidle Framework

SLES 12 includes enabling for usage of the generic CPUidle framework to enter
SNOOZE and NAP idle states for POWER systems.

Platform Resource Reassignment Notification Handling

The POWER platform provides the capability to dynamically assign CPU, memory,
and slot resources to partitions on a system. Over time this can result in a
less than optimal resource assignment to each of the individual partitions on
the system for CPUs and memory.

The POWER hypervisor provides the capability to transparently re-assign the
resources allocated to a partition to provide a more optimized layout of
resources. This update is communicated to the partitions via the RTAS
event-scan mechanism and PRRN RTAS events. The update provided here allows
Linux to dynamically update any resources affected by PRRN notifications.

GDB Support for POWER8 Processors

This feature adds support for the new DAWR interface, which allows hardware
watchpoints with longer ranges (up to 512 bytes wide), as well as the ability
to disassemble POWER8 instructions.

GCC support for POWER8 processor

SLES 12 builds GCC such that it defaults to generating POWER8 optimzed binaries
(i.e.: -mcpu=power8 -mtune=power8 ).

Optimized GLIBC for POWER8

SLES 12 builds GLIBC with POWER8 tuning that includes optimized algorithms.
With the new GNU IFUNC mechanism, future algorithms will not require an
application rebuild using different compiler flags to select a different GLIBC.

PPC64 Improvement in Memory Support

SUSE Linux Enterprise 12 is now capable to support up to 64 TB of memory on
Power platforms.

LLVM for POWER

With SUSE Linux Enterprise Server 12 Mesa supports 3D acceleration via llvmpipe
on IBM POWER hardware.

Support for the IBM POWER8 Processor added to Valgrind

All new POWER8 instructions are supported by all the Valgrind tools.

Support for the IBM POWER8 Processor Added to oprofile, libpfm, and PAPI

A subset (approximately 150) of the native POWER8 events are supported in this
version of these packages. The rest of the events will be added in a future
release.

System z (s390x) Specific Information

For more information, see http://www.ibm.com/developerworks/linux/linux390/
documentation_novell_suse.html

IBM zEnterprise 196 (z196) and IBM zEnterprise 114 (z114) further on referred
to as z196 and z114.

IPL from Tape is Deprecated

For the initial installation of System z operation systems different options
have been available in the past. Over time, using Linux and z/VM altogether has
become the dominant use case, while using Linux in an LPAR is still present but
less frequent. With additional features of the HMC mircocode to allow IPL from
DVD images, IPL from tape has declined in use.

Starting with SLES 12, IPL from tape for System z is no longer supported.

Architecture Level Set

Newer machines have new instructions and better instruction schedulers.

The default for the system Compiler is to generate code for z196 and do the
scheduling for zEC12.

Hardware

New cputype Command

Often it is difficulty to correlate the commonly used name of the processor
with the IBM model number for that processor.

The cputype command is now included in the s390-tools package to make it easy
for a customer to provide both the IBM model number as well as the more
commonly used name.

Provide PCHID mapping

The Physical Channel ID (PCHID) enables hardware detection with a machine-wide
unique identifier.

Add robustness against missing interrupts to non-path-grouped internal I/O
requests

With this feature for the common I/O layer, channel paths with missing
interrupts during internal I/O do not make devices with remaining functioning
channel paths unusable to device drivers.

Support of SHA-256 hash algorithm in opencryptoki ICA token

SLES 12 includes opencryptoki 3.1 which comes with an ICA token that exploits
the System z crypto hardware provided SHA-256 hash algorithm

Virtualization

Support of Live Guest Relocation (LGR) with z/VM 6.2

Live guest relocation (LGR) with z/VM 6.2 requires z/VM service applied,
especially with Collaborative Memory Management (CMMA) active (cmma=on).

Apply z/VM APAR VM65134.

Large Page Support in IBM System z

Large Page support allows processes to allocate process memory in chunks of 1
MiB instead of 4 KiB. This works through the hugetlbfs.

Linux Guests Running on z/VM 5.4 and 6.1 Require z/VM Service Applied

Linux guests using dedicated devices may experience a loop, if an available
path to the device goes offline prior to the IPL of Linux.

Apply recommended z/VM service APARs VM65017 and VM64847.

Storage

Minimum Storage Firmware Level for LUN Scanning

For LUN Scanning to work properly, the minimum storage firmware level should
be:

  * DS8000 Code Bundle Level 64.0.175.0

  * DS6000 Code Bundle Level 6.2.2.108

New Partition Types Added to the fdasd Command

In SLES 11 SP2 new partition types were added to the fdasd command in the
s390-tools package. Anyone using YaST in SLES 12 to create partitions will not
see this happening.

If fdasd is used from the command line, it will work as documented and desired.

Enabled FCP Hardware Data Router as Default

To gain the performance improvements for certain workloads the data router
support is enabled by default. This is tolerated in environments without data
router support on LPAR and under z/VM.

Provide PCHID mapping

The Physical Channel ID (PCHID) enables hardware detection with a machine-wide
unique identifier.

QSAM Access Method for Data sharing with z/OS - Stage 1

This feature introduces a new interface that enables Linux applications like
Data Stage to access and process (read only) data in z/OS owned physical
sequential data sets without interfering with z/OS. By avoiding FTP or NFS
transfer of data from z/OS the turnaround time for batch processing is
significantly reduced.

Improved Performance of dasdfmt

With increasing sizes of ECKD DASDs, the speed of formatting becomes an issue.

The performance can now be increased by using Parallel Access Volume (PAV) when
formatting DASDs. In addition, with a new parameter, -r or --requestsize , you
can specify the number of cylinders to be formatted in one step.

Network

qeth: Increase default MTU

Introduces the default MTU size of 1500 for OSA layer 2 and all traffic that
uses DIX frames to remove System z specifics.

src_vipa: IPv6 Enablement

Adds support for IPv6 addresses to the src_vipa tool , that only supports IPv4
up to now.

Token Ring No Longer Selectable

Token Ring is no longer supported.

It is no longer offered to select Token Ring.

Only the Ethernet remains as the interface. Therefore the parameter "OsaMedium"
is also obsolete. This parameter is no longer recognized in parmfiles and on
the command line. If the parameter is specified, it will appear in /etc/
zipl.conf as an unnecessary kernel parameter.

Security

Existing Data Execution Protection Removed for System z

The existing data execution protection for Linux on System z relies on the
System z hardware to distinguish instructions and data through the secondary
memory space mode. As of System z10, new load-relative-long instructions do not
make this distinction. As a consequence, applications that have been compiled
for System z10 or later fail when running with the existing data execution
protection.

Therefore, data execution protection for Linux on System z has been removed.

Install Pattern for HW Crypto Stack on System z in YaST

It is possible to install the complete crypto stack by selecting System z HW
crypto support at install time. It is available as an install pattern in the
Software Selection dialog.

New libica APIs for Supported Crypto Modes Including Hardware or Software
Indication

New libica APIs show crypto exploiters what cryptographic functions are
available and if hardware or software will be used to process cryptographic
requests. In the past, this information could only be obtained through
stand-alone tools primarily intended for administrators.

Support of Enterprise PKCS#11 (EP11)

Exploitation of Enterprise wide PKCS#11 (EP11) in CryptoExpress4 device driver
and opencryptoki token for access to the Enterprise PKCS#11 (EP11) features of
the CEX4S crypto adapter that implements certified PKCS#11 mechanism.

CPACF MSA4 Extensions for opencryptoki and libica (Part 2)

The libica and opencryptoki libraries now support algorithms for Message
Security Assist Extension 4 (MSA4) instructions in CPACF (Central Processor
Assist for Cryptographic Function) and provides significant acceleration of
complex cryptographic algorithms.

Support of SHA-256 hash algorithm in opencryptoki ICA token

SLES 12 includes opencryptoki 3.1 which comes with an ICA token that exploits
the System z crypto hardware provided SHA-256 hash algorithm

RAS

Enhanced cio_ignore Usage

To ease installation with huge amounts of devices SLES 12 enables the user to
switch cio_ignore on and off at install time to decide if all devices should be
displayed or be limited to a specified amount of devices. When selecting
cio_ignore on the list of devices to be displayed can be manually defined by
selecting dedicated devices or by defining device ranges.

Dump to zfcp/SCSI Partition

The SCSI dump tool now writes dumps directly to a SCSI partition, without using
a file system. The option zipl -d is used for both, DASD and SCSI stand-alone
dumps. The option zipl -D has become obsolete and is no longer supported.

The SCSI dump tool can now also be installed on multipath devices.

Keywords for IPL and Console Devices for Use in cio_ignore for IBM System z

Enable the use of keywords, ipldev for the IPL device and condev for the
console device to ease installation when a system uses cio_ignore to blacklist
all devices at install time and does not have a default CCW console device
number, has no devices other than the IPL device as a base to clone Linux
guests, or with ramdisk based installations with no devices other than the CCW
console.

Support for zPXE Boot

zPXE provide a similar function to the PXE boot on x86/x86-64: have a parameter
driven executable, retrieving installation source and instance specific
parameters from specified network location, download automatically the
respective kernel, initrd, and paramenter files for that instance and start an
automated (or manual) installation.

Performance

Optimized Compression Library zlib

Compression is used in various of places of the system such as decompression of
Java class files, PDF generation, compressed backup and for installation
(binaries compressed in RPMs). Although beneficial in multiple aspects (data on
disk, data transferred to memory), it requires significant processor resources.

Using an optimized version of zlib significantly improves performance and
lowers processor resource consumption for applications using the respective
library.

LLVM for System z

With SUSE Linux Enterprise Server 12, Mesa supports 3D acceleration via
llvmpipe on IBM System z hardware.

Write Protection-based Dirty Page Detection for System z

With SLES 12, the System z unique detection of dirty bits is converted to the
handling of dirty bits in the page table entry. This change makes the dirty bit
handling consistent with other architectures.

Transparent Large Pages for System z

Provides performance improvement for applications that access large amounts of
anonymous memory, such as heap space for Java programs or caching areas for
databases.

Toolchain Support of IBM System z Enterprise EC12 (zEC12)

The toolchain supports the IBM System z Enterprise EC12 (zEC12) instruction set
to optimize performance with SLES 12 on zEC12.

STT_GNU_IFUNC Back-end Support and Exploitation for System z

Support of the GNU specific symbol STT_GNU_IFUNC that allows for multiple
versions of the same function in a library. The support enables optimized
execution of performance critical functions, for example by providing variants
exploiting the instruction sets of different CPU levels.

The STT_GNU_IFUNC symbol is supported in the gcc, binutils, and glibc packages.
Optimized versions of the memcpy, memset, and memcmp functions are provided in
the glibc package.

Transactional Memory Support in gcc

With SLES 12, gcc supports applications utilizing transactional-execution (TX)
for simplified concurrency control via shared memory sections removing the
limits for lock controlled execution.

Driver Updates

Network Drivers

Myricom 10-Gigabit Ethernet Driver and Firmware

SUSE Linux Enterprise 12 (x86_64) is using the Myri10GE driver from mainline
Linux kernel. The driver requires a firmware file to be present, which is not
being delivered with SUSE Linux Enterprise 12.

Download the required firmware at http://www.myricom.com .

Updating Firmware for QLogic 82XX Based CNA

For QLogic 82XX based CNA, update the firmware to the latest from the QLogic
Web site or whatever is recommended by the OEM in case you are running 4.7.x FW
version.

Storage Drivers

Brocade FCoE Switch with Firmware Older Than v6.4.3 Does Not Accept Fabric
Logins From Initiator

 1. Once link is up, LLDP query QoS to get the new PFC, send FCoE incapable
    right away, which is right.

 2. After negotiating with neighbor, we got lldp frame with un-recognized ieee
    dcbx, so we declare link is CEE incapable, and send out FCoE Capable event
    with PFC = 0 to fcoe kernel.

 3. Then neighbor adjusts its version to match our CEE version, now we find
    right DCBX tlv in incoming LLDP frame, we declare link CEE capable. At this
    time we did not send FCoE capable again since we already sent it in step 2.

To solve this, upgrade the switch firmware to v6.4.3 or above.

HP cciss Driver No Longer Supported

Older HP Smart Array controllers (before ProLiant G6) are no longer supported
in SLES 12. The device driver for these controllers, cciss , has been removed
from the distribution media and support for G6 controllers has been added to
the newer HP Smart Array driver, hpsa . All Smart Array controllers will now
use the hpsa driver, with the exception of the Dynamic Smart Array controllers,
which require a special driver available from http://hp.com .

HP Smart Array controller models no longer supported in SLES 12 include:

  * P400,

  * P400i,

  * P800,

  * E200,

  * E200i,

  * P700m,

  * 6400,

  * 641,

  * 642,

  * 6i

HP Smart Array controller models that will be supported with the hpsa driver
instead of the cciss driver include:

  * P212,

  * P410,

  * P410i,

  * P411,

  * P711m,

  * P712m,

  * P812

Important: Customers with controller models identified above as transitioning
from the cciss driver to the hpsa driver should be aware that there are
differences in device presentation between cciss and hpsa . The older cciss
driver is a block layer driver, presenting devices as /dev/cciss/c*d* , while
the newer hpsa driver is a SCSI layer driver, and follows standard SCSI
practice of presenting devices as /dev/sd* . Configuration files that use
device-specific naming may need to be edited to reflect the new device naming.
For more information about hpsa and a comparison of the two drivers, see the
following white paper:

http://h10032.www1.hp.com/ctg/Manual/c02677069.pdf .

Driver for IMSM and DDF

For IMSM and DDF RAIDs the mdadm driver is used unconditionally.

Packages and Functionality Changes

OpenLDAP Overlays as Modules

The overlays are not compiled in slapd anymore but they can be loaded as
modules at runtime.

  * New installation. Before activating an overlay for a database the module
    must be loaded in the global section. This can be done by the "moduleload"
    option.

  * Update from SLE11. If you have activated ldap overlays you must load them
    in the slapd configuration; otherwise the ldap server cannot be started.

New installation:

If you are using slapd.conf insert "moduleload <module name>" into the global
section.

If you are using the config back-end do the following steps:

1) Create "cn=Module" child entry:

echo "dn: cn=module,cn=config
Objectclass: olcModuleList
" | ldapadd -cY external -H ldapi:///

2) Define the modules that must be loaded. For example, to load memberof and
accesslog execute

echo "dn: cn=module{0},cn=config
add: olcModuleload
olcModuleload: memberof
olcModuleload: accesslog
" | ldapmodify  -cY external -H ldapi:///

Update:

If you are using slapd.conf insert "moduleload <module name>" into the global
section.

If you are using the config back-end do the following steps:

1) Create a ldif file for slapcat to load the needed modules. For example, if
you are using the memeberof and accesslog overlays this is the right settings:

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModuleLoad: {0}memberof
olcModuleLoad: {1}accesslog
structuralObjectClass: olcModuleList

2) Add this child to the slapd configuration:

cat slapcat.ldif | slapadd -b cn=config

New Packages

LTTng

LTTng provides a set of tools allowing for efficient and combined tracing of
userspace and kernel code referencing a common time source. This allows users
to identify performance issues and debug problems in complicated code involving
multiple concurrent processes and threads. In addition to the tracers, viewing
and analysis tools are provided supporting both text and graphical formats. The
kernel tracing functionality is implemented via a suite of loadable kernel
modules. The loading of these modules and control of the tracing system is
controlled by a single lttng utility.

Adding the 'dropwatch' Package and Enabling NET_DROP_MONITOR

The dropwatch feature will allow the customer to easily observe and diagnose
network performance problems caused by dropped packets.

Thus the 'dropwatch' package was added and NET_DROP_MONITOR enabled.

Lightweight Desktop

For specific configurations, such as low memory, where the GNOME desktop
environment does not suit, a lightweight desktop is needed.

icewm has been choosen as a lightweight desktop to fill this need on SUSE Linux
Enterprise Server.

Updated Packages

Samba: Changing "winbind expand groups" to "0"

Forthcoming Samba 4.2.0 provided by http://www.samba.org will come with
"winbind expand groups" set to "0" by default.

Samba post 4.1.10 provided by SUSE anticipates the new default.

The new default makes winbindd more reliable because it does not require SAMR
access to domain controllers of trusted domains.

Note: Some legacy applications calculate the group memberships of users by
traversing groups; such applications will require winbind expand groups = 1 .

GNOME 3.10

We ship GNOME 3.10 with SUSE Linux Enterprise 12.

GNOME on SUSE Linux Enterprise is available in three different setups, which
are modifying desktop user experience:

  * SLE Classic: this setup uses a single bottom panel, similar to GNOME
    desktop as available on SUSE Linux Enterprise 11. This setup is default on
    SUSE Linux Enterprise 12.

  * GNOME: this is GNOME 3 upstream user experience, also sometime called
    "GNOME Shell". This setup might be more adequate with touchscreen.

  * GNOME Classic: this setup uses two panels (one top panel, one bottom panel)
    similar to upstream GNOME 2 desktop

The setup can be changed at login time, in GDM, using the gear icon in the
password prompt screen. It can also be modified using YaST, systemwide.

Caveats:

With SLE 11 after joining a Microsoft domain, GDM displayed the available
domain names as a drop-down box below the user name and password fields. This
behavior has changed.

With SLE 12, you must prefix the domain and the winbind separator manually to
login. As soon as you click the 'Not listed?' text, GDM will display a hint
such as '(e.g., domain\user)'.

Update to IBM Java 7 Release 1

IBM Java 7 Release 1 provides performance improvements through IBM POWER8 and
IBM zEnterprise EC12 exploitation.

Parted Upgraded to Version 3.1

Parted was upgraded version 3.1.

This version can no longer resize file systems contained within a partition.
Parted can resize partititons, but to resize the contained file system, an
external tool such as mkfs.ext4 has to be used.

Support for Qt5

We received requests to support QML as part of the Qt framework.

While Qt4 (minimum ver 4.8.2-260.1) would have been possible to use, directly
upgrading to and supporting Qt5 (QML supported) is the better and more future
proof solution.

supportconfig Output Contains dmidecode Information by Default

On platforms supporting dmidecode, the supportconfig tool now contains the
dmidecode output.

Previously, this was done only when explicitely activated with a parameter, but
the default changed to provide always now. This is done to deliver better
support result.

Bluetooth Implementation BlueZ 5

BlueZ 4 is no longer maintained upstream. Thus upgrading to BlueZ 5 ensures
that you will get all the latest upstream bug fixes and enhancements.

BlueZ 5 comes with numerous new features, API simplification and other
improvements such as Low Energy support. It is new major version of the
Bluetooth handling daemon and utilities.

Note: The new major version indicates that the API is not backwards compatible
with BlueZ 4, which means that all applications, agents, etc. must be updated.

MOK List Manipulation Tools

A Machine Owner Key (MOK) is a type of key that a user generates and uses to
sign an EFI binary. This is a way for the machine owner to have ownership over
the platform?s boot process.

Suitable tools are coming with the mokutil package.

MariaDB Replaces mySQL

MariaDB is a backward compatible replacement for mySQL.

If you update from SLE 11 to SLE 12, it is adviseable to do a manual backup
before the system update. This could help if a start of the database has issues
with the storage engine's on-disk layout.

After the update to SLE 12, a manual step is required to actually get the
database running (this way you quickly see if something goes wrong):

touch /var/lib/mysql/.force_upgrade
rcmysql start
# => redirecting to systemctl start mysql.service
rcmysql status
# => Checking for service MySQL:
# => ...

Removed and Deprecated Functionality

PCMCIA is deprecated

The old PCMCIA based on ISA and 16-bit only will no more be supported under
SLE12. Latest modern laptop uses CardBus (based on PCI), which continues to be
supported.

SUSE Linux Enterprise Legacy Module 12

The Legacy Module helps you migrating applications from SUSE Linux Enterprise
10 and 11 and other systems to SUSE Linux Enterprise 12, by providing packages
which are discontinued on SUSE Linux Enterprise Server, such as: sendmail ,
syslog-ng , IBM Java6 , and a number of libraries (for example openssl-0.9.8 ).

Access to the Legacy Module is included in your SUSE Linux Enterprise Server
subscription. The module has a different lifecycle than SUSE Linux Enterprise
Server itself. Packages in this module are usually supported for at most three
years. Support for Sendmail and IBM Java 6 will end in September 2017 at the
latest.

Command Line Interface for Managing Packages

YaST as a command line tool for managing packages is deprecated. Instead of
yast with the command line switches -i , --install , --update , or --remove for
installing, updating, or removing packages, use zypper .

For more information, see the zypper man page.

libsysfs obsoleted by libudev

libsysfs has been deprecated and has been replaced by libudev. If you have
self-compiled applications using libsysfs previously, you have to recomplie
using libudev .

dhcpcd Replaced by wicked and dhcp-client

dhcpcd package was replaced by wicked and dhcp-client packages.

Hardware Deprecation Associated with a Emulex lpfc Driver Update

Emulex will be deprecating hardware in the future that will impact SLES 12 SP1.

The following hardware associated with the Emulex lpfc driver will be
deprecated for SLES 12 SP1:

Device IDs and Device Name

VID:10DF, DID:1AE5 LP6000
VID:10DF, DID:E100 LPev12000
VID:10DF, DID:E131 LPev12002
VID:10DF, DID:E180 LPev12000
VID:10DF, DID:F095 LP952
VID:10DF, DID:F098 LP982
VID:10DF, DID:F0A1 LP101
VID:10DF, DID:F0A5 LP1050
VID:10DF, DID:F0D1 LP111
VID:10DF, DID:F0F5 LPe1000 & LPe1000?SP
VID:10DF, DID:F0F7 LPe1002?SP
VID:10DF, DID:F700 LP7000
VID:10DF, DID:F0800 LP8000
VID:10DF, DID:F900 LP9002
VID:10DF, DID:F980 LP9802
VID:10DF, DID:FA00 LP10000
VID:10DF, DID:FB00 LPx1000
VID:10DF, DID:FC00 LP10000S
VID:10DF, DID:FC10 LP11000S
VID:10DF, DID:FD00 LP11000
VID:10DF, DID:FD11 LP11000?S
VID:10DF, DID:FE05 LP21000

Raw Devices Are Deprecated

Raw devices are deprecated.

Packages Removed with SUSE Linux Enterprise Server 12

The following packages were removed with the major release of SUSE Linux
Enterprise Server 12:

The SUSE SAM Tool Is Obsolete

The SUSE SAM is removed from the media.

Inn package dropped

Inn tool will not be available in SLE12.

scsirastools is deprecated

scsirastools was designed to work with now obsolete SCSI parallel enclosure.
This package is not more available in SLE12.

LPRng Discontinued

As announced on SLE 11, LPRng is discontinued with SLE 12.

The Number of Kernel Modules in the kernel-extra Package Reduced

The following unsupported kernel modules have been dropped from the
kernel-extra package:

  * Staging drivers

  * IDE drivers on POWER

  * Open Sound System on x86_64

  * WAN drivers on x86_64

  * 1-Wire drivers

  * File systems: adfs, affs, befs, bfs, efs, freevxfs, hpfs, qnx4, jffs2, jfs,
    logfs, nilfs2, ubifs

Unsupported Graphical Chipsets

The following X11 drivers are no longer provided in SLE 12:

  * xf86-video-ark

  * xf86-video-chips

  * xf86-video-geode

  * xf86-video-glint

  * xf86-video-i128

  * xf86-video-neomagic

  * xf86-video-newport

  * xf86-video-r128

  * xf86-video-savage

  * xf86-video-siliconmotion

  * xf86-video-tdfx

  * xf86-video-tga

  * xf86-video-trident

  * xf86-video-voodoo

  * xf86-video-sis

  * xf86-video-sisusb

  * xf86-video-openchrome

  * xf86-video-unichrome

  * xf86-video-mach64

suseRegister replaced by SUSEConnect

s useRegister was replaced by SUSEConnect .

Nagios Server Now Part of a SUSE Manager Subscription

Support for Icinga (a successor of Nagios) will not be part of the SUSE Linux
Enterprise Server 12 subscription.

Fully supported Icinga packages for SUSE Linux Enterprise Server 12 will be
available as part of a SUSE Manager subscription. In the SUSE Manager context
we will be able to deliver better integration into the monitoring frameworks.
Also more frequent updates on the monitoring server parts than in the past are
planned.

Dropped python-ordereddict

The package python-ordereddict is not available on SLES 12 anymore.

On SLES 12, the class collections.OrderedDict is provided by both the python
and python3 packages.

GRUB2 Is the Supported Bootloader

GRUB2 is now available on all SUSE Linux Enterprise 12 architectures and is the
only supported bootloader. Other bootloaders that were supported in SLE 11,
have been removed from the distribution and are not available anymore.

Mono Platform and Programs No Longer Provided

Starting with SLE 12, the Mono platform and Mono based programs are no longer
supported.

These are the replacement applications:

  * gnote (instead of Tomboy)

  * shotwell (instead of F-Spot)

  * rhythmbox (instead of Banshee)

YaST No Longer Supports Configuring Modem Devices

YaST ( yast2-ntework ) no longer offers modem configuration dialogs.

It is still possible to configure modems manually.

YaST No Longer Supports Configuring ISDN Devices

YaST ( yast2-ntework ) no longer supports configuring ISDN devices. If needed,
NetworkManager supports such devices.

YaST No Longer Supports Configuring DSL Devices

YaST ( yast2-ntework ) no longer supports configuring DSL devices. If needed,
NetworkManager supports such devices (e.g., DSL cable modems).

Packages and Features to Be Removed in the Future

Support for Qt4

SLE 12 features the Qt4 toolkit. Qt4 will be supported at least until the
release of SLE 12 Service Pack 3. Hence it is recommended to migrate
applications to Qt5 and start new projects using Qt5.

Use /etc/os-release Instead of /etc/SuSE-release

Starting with SLE 12, /etc/SuSE-release file is deprecated. It should not be
used to identify a SUSE Linux Enterprise system. This file will be removed in a
future Service Pack or release.

The file /etc/os-release now is decisive. This file is a cross-distribution
standard to identify a Linux system. For more information about the syntax, see
the os-release man page ( man os-release ).

Deprecate DMSVSMA for snIPL for SLES 12 SP1

The RPC protocol is used with old z/VM versions only that are going out of
service.

It is planned to deprecate the support of remote access for snIPL to z/VM hosts
via the RPC protocol with SLES 12 SP1, which means the future removal of the
related DMSVSMA.X file from snipl. It is recommended to use remote access to z/
VM hosts via SMAPI, provided by supported z/VM 5.4, and z/VM 6.x versions. For
details about setting up your z/VM system for API access see z/VM Systems
Management Application Programming , SC24-6234.

Sendmail

The sendmail package is deprecated and will be discontinued with one of the
next service packs. Consider to use Postfix as a replacement.

Changes in Packaging and Delivery

AppArmor: Normalized Command Names

AppArmor now offers normalized command names:

  * aa-notify instead of aa-apparmor_notify or apparmor_notify

  * aa-status instead of aa-apparmor_status ( apparmor_status is still
    supported)

Legacy module-init-tools Replaced with kmod

Kmod package is a replacement of the former module-init-tools . In addition to
the well known tools like lsmod , modprobe , and modinfo , the package offers a
shared library for use by system management services which need to query and
manipulate Linux kernel modules.

NetwokManager Part of the Workstation Extension

NetwokManager, primarily used on Desktops and Notebooks where one user is
working with one specific machine, is now part of the Workstation Extension.
For all the other use cases, and especially all server workloads, the default
provided by SLES is Wicked . <emWicked

Dovecot as a Replacement for cyrus-imapd

SLES 12 does not offer the cyrus-imapd package and hence Cyrus IMAP and POP
Mail Server is not available on SLES 12.

Users should consider a migration to Dovecot . SLES 12 does not provide
utilities for the migration however there are some community tools: http://
wiki2.dovecot.org/Migration/Cyrus

Configuration:

There is no yast support for dovecot configuration. If you want to deliver
local mails to dovecot follow this steps:

 1. Set MAIL_CREATE_CONFIG to "no" in /etc/sysconfig/mail to prohibit yast2 to
    override your configuration.

 2. Set mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a
    "$RECIPIENT" in /etc/postfix/main.cf

 3. Set mail_location = maildir:~/Maildir or to your prefered value in /etc/
    dovecot/conf.d/10-mail.conf

 4. Set a normal user as alias for root in /etc/aliases. Delivery to the user
    "root" is not possible.

 5. Execute following commands:

 1. postalias /etc/aliases

 2. systemctl restart postfix

 3. systemctl enable dovecot

 4. systemctl start dovecot

Autoyast:

The postfix_mda tag of the mail section may only contains following values:
local, procmail .

Replacing syslog-ng and syslog With rsyslog

On new installations, rsyslog will get installed instead of the former
syslog-ng and syslog .

Printing System: Improvements and Incompatible Changes

CUPS Version Upgrade to 1.7

CUPS >= 1.6 has major incompatible changes compared to CUPS up to version 1.5.4
in particular when printing via network:

The IPP protocol default version increased form 1.1 to 2.0. Older IPP servers
like CUPS 1.3.x (e.g. in SLE11) reject IPP 2.0 requests with "Bad Request" (see
http://www.cups.org/str.php?L4231 ). By adding '/version=1.1' to ServerName in
client.conf (e.g., ServerName older.server.example.com/version=1.1) or to the
CUPS_SERVER environment variable value or by adding it to the server name value
of the '-h' option (e.g., lpstat -h older.server.example.com/version=1.1 -p)
the older IPP protocol version for older servers must be specified explicitly.

CUPS Browsing is dropped in CUPS but the new package cups-filters provides the
cups-browsed that provides basic CUPS Browsing and Polling functionality. The
native protocol in CUPS for automatic client discovery of printers is now
DNS-SD. Start cups-browsed on the local host to receive traditional CUPS
Browsing information from traditional remote CUPS servers. To broadcast
traditional CUPS Browsing information into the network so that traditional
remote CUPS clients can receive it, set "BrowseLocalProtocols CUPS" in /etc/
cups/cups-browsed.conf and start cups-browsed.

Some printing filters and back-ends are dropped in CUPS but the new package
cups-filters provides them. So cups-filters is usually needed (recommended by
RPM) but cups-filters is not strictly required.

The cupsd configuration directives are split into two files: cupsd.conf (can
also be modified via HTTP PUT e.g. via cupsctl) and cups-files.conf (can only
be modified manually by root) to have better default protection against misuse
of privileges by normal users who have been specifically allowed by root to do
cupsd configuration changes (see http://www.cups.org/str.php?L4223 ,
CVE-2012-5519, and SUSE Bugzilla bnc#789566).

CUPS banners and the CUPS test page are no longer supported since CUPS >= 1.6.
The banners and the test page from cups-filters must be used. The CUPS banner
files in /usr/share/cups/banners/ and the CUPS testpage /usr/share/cups/data/
testprint (which is also a CUPS banner file type) are no longer provided in the
cups RPM because they do no longer work since CUPS >= 1.6 (see http://
www.cups.org/str.php?L4120) because there is no longer a filter that can
convert the CUPS banner files. Since CUPS >= 1.6 only the banner files and
testpage in the cups-filters package work via the cups-filters PDF workflow and
the cups-filters package also provides the matching bannertopdf filter.

For details, see the SUSE Bugzilla bnc#735404 issue.

Traditional CUPS version 1.5.4 Provided in the Legacy Module

We provide the last traditional CUPS version 1.5.4 as "cups154" RPMs in the
"legacy" module. If CUPS version 1.7 does not support particular needs, you can
still use CUPS 1.5.4 (under the conditions of the "legacy" module). This could
be important, if you need a traditional CUPS server with original CUPS Browsing
features.

For those users any (semi)-automated CUPS version upgrade must be prohibited
because CUPS > 1.5.4 has major incompatible changes compared to CUPS <= 1.5.4.
Therefore the CUPS 1.5.4 RPM package name contains the version and it conflicts
with higher versions. This way we avoid that an installed CUPS 1.5.4 gets
accidentally replaced with a higher version. It is not possible to have
different CUPS libraries versions installed at the same time.

The API in CUPS 1.7 is compatible with the CUPS 1.5.4 API (existing functions
are not changed) but newer CUPS libraries provide some new functions. There
could be applications that might use newer CUPS library functions so that such
applications would require the current CUPS 1.7 libraries. It is not possible
to use CUPS 1.5.4 together with applications that require the current CUPS 1.7
libraries.

PDF Now Common Printing Data Format

There is a general move away from PostScript to PDF as the standard print job
format. This change is advocated by the OpenPrinting workgroup of the Linux
Foundation and the CUPS author.

This means that application programs usually no longer produce PostScript
output by default when printing but instead PDF.

As a consequence the default processing how application programs printing
output is converted into the "language" that the particular printer accepts
(the so called "CUPS filter chain") has fundamentally changed from a
PostScript-centric workflow to a PDF-centric workflow.

Accordingly the upstream standard for CUPS under Linux (using CUPS plus the
cups-filters package) is now PDF-based job processing, letting every non-PDF
input be converted to PDF first, page management options being applied by a
pdftopdf filter and Ghostscript being called with PDF as input.

With PDF as the standard print job format traditional PostScript printers can
no longer print application's printing output directly so that a conversion
step in the printing workflow is required that converts PDF into PostScript.
But there are also PostScript+PDF printers that can print both PostScript and
PDF directly.

For details, see the section "Common printing data formats" in the SUSE wiki
article "Concepts printing" at http://en.opensuse.org/Concepts_printing .

groff: /etc/papersize No Longer Depends on sysconfig Variables

/etc/papersize no longer inherits settings from /etc/sysconfig/language when
running SuSEconfig .

Set /etc/papersize directly, e.g.:

echo "letter" > /etc/papersize

For details, see man 5 groff_font ('papersize string').

Modules

Advanced Systems Management Module

This Module gives you a sneak-peak into our upcoming systems management toolbox
which allows you to inspect systems remotely, store their system description
and create new systems to deploy them in datacenters and clouds. The toolbox is
still in active development and will get regular updates. We welcome feedback!

Access to this module is included in your SUSE Linux Enterprise Server
subscription. The module has a different lifecycle than SUSE Linux Enterprise
Server itself: as stability of APIs and ABIs is not yet guarateed, we support
this technology only on systems which apply all our updates to this channel in
a timely manner.

The package is called machinery, for more information see Machinery Project
Website .

SUSE Linux Enterprise Public Cloud Module 12

The Public Cloud Module is a collection of tools that enables you to create and
manage cloud images from the commandline on SUSE Linux Enterprise Server. When
building your own images with KIWI or SUSE Studio, initialization code specific
to the target cloud is included in that image.

Access to the Public Cloud Module is included in your SUSE Linux Enterprise
Server subscription. The module has a different lifecycle than SUSE Linux
Enterprise Server itself. Packages usually follow the upstream development
closely to enable you to take advantage of the most recent development in the
public cloud space.

Technical Information

This section contains information about system limits, a number of technical
changes and enhancements for the experienced user.

When talking about CPUs we are following this terminology:

CPU Socket

    The visible physical entity, as it is typically mounted to a motherboard or
    an equivalent.

CPU Core

    The (usually not visible) physical entity as reported by the CPU vendor.

    On System z this is equivalent to an IFL.

Logical CPU

    This is what the Linux Kernel recognizes as a "CPU".

    We avoid the word "thread" (which is sometimes used), as the word "thread"
    would also become ambiguous subsequently.

Virtual CPU

    A logical CPU as seen from within a Virtual Machine.

Virtualization: Network Devices Supported

SLE12 support the following virtualized network drivers:

  * FV Intel e1000

  * FV Realtek 8139

  * PV QEMU Virtualized NIC Card: virtio (Only KVM)

Virtualization: Devices Supported for Booting

SLE12 support VM guest to boot from:

  * Parallel ATA (PATA/IDE)

  * Advanced Host Controller Interface (AHCI)

  * Floppy Disk Drive (FDD)

  * virtio-blk

  * virtio-scsi

  * Preboot eXecution Environment (PXE) rom (for supported Network Interface
    Cards)

Boot from USB and PCI pass-through devices are not supported.

Virtualization: Supported Disks Formats and Protocols

Currently, the disk formats raw , qed (only KVM), qcow (ony Xen) and qcow2 has
Read-Write (RW) support. The vmdk , vpc , vhd/vhdx are only supported in
Read-Only (RO) mode. The http , https , ftp , ftps , tftp protocols are
supported for Read-Only access to images.

Under Xen the qed format will not be displayed as a selectable storage under
virt-manager .

Kernel Limits

http://www.suse.com/products/server/technical-information/#Kernel

This table summarizes the various limits which exist in our recent kernels and
utilities (if related) for SUSE Linux Enterprise Server 11.

+-----------------------------------------------------------------------------+
|    SLES 12 (3.12)    |      x86_64       |      s390x      |    ppc64le     |
|----------------------+-------------------+-----------------+----------------|
|CPU bits              |64                 |64               |64              |
|----------------------+-------------------+-----------------+----------------|
|max. # Logical CPUs   |8192               |256              |2048            |
|----------------------+-------------------+-----------------+----------------|
|max. RAM (theoretical |> 1 PiB/64 TiB     |4 TiB/256 GiB    |1 PiB/64 TiB    |
|/ certified)          |                   |                 |                |
|----------------------+-------------------+-----------------+----------------|
|max. user-/kernelspace|128 TiB/128 TiB    |?/?              |2 TiB/2 EiB     |
|----------------------+------------------------------------------------------|
|max. swap space       |up to 29 * 64 GB (x86_64) or 30 * 64 GB (other        |
|                      |architectures)                                        |
|----------------------+------------------------------------------------------|
|max. # processes      |1048576                                               |
|----------------------+------------------------------------------------------|
|max. # threads per    |Maximum limit depends on memory and other parameters  |
|process               |(Tested with more than 120000).                       |
|----------------------+------------------------------------------------------|
|max. size per block   |and up to 8 EiB on all 64-bit architectures           |
|device                |                                                      |
|----------------------+------------------------------------------------------|
|FD_SETSIZE            |1024                                                  |
+-----------------------------------------------------------------------------+

The Number of Kernel Modules in the kernel-extra Package Reduced

The following unsupported kernel modules have been dropped from the
kernel-extra package:

  * Staging drivers

  * IDE drivers on POWER

  * Open Sound System on x86_64

  * WAN drivers on x86_64

  * 1-Wire drivers

  * File systems: adfs, affs, befs, bfs, efs, freevxfs, hpfs, qnx4, jffs2, jfs,
    logfs, nilfs2, ubifs

KVM Limits

+-----------------------------------------------------------------------------+
|SLES 12 GA Virtual |                         Limits                          |
|   Machine (VM)    |                                                         |
|-------------------+---------------------------------------------------------|
|                   |unlimited (total number of virtual CPUs in all guests    |
|Max VMs per host   |being no greater than 8 times the number of CPU cores in |
|                   |the host)                                                |
|-------------------+---------------------------------------------------------|
|Maximum Virtual    |256                                                      |
|CPUs per VM        |                                                         |
|-------------------+---------------------------------------------------------|
|Maximum Memory per |4 TiB                                                    |
|VM                 |                                                         |
|-------------------+---------------------------------------------------------|
|Maximum Virtual    |                                                         |
|Block Devices per  |20 virtio-blk, 4 IDE                                     |
|VM                 |                                                         |
|-------------------+---------------------------------------------------------|
|Maximum number of  |8                                                        |
|Network Card per VM|                                                         |
+-----------------------------------------------------------------------------+

Virtual Host Server (VHS) limits are identical to SUSE Linux Enterprise Server.

Virtualization: Supported Live Migration Scenarios

The following KVM host operating system combinations will be fully supported
(L3) for live migrating guests from one host to another:

  * VM from a SLES12 host to SLES12 host

  * VM from a SLES11 SP3 host to SLES12 host

The following KVM host operating system combinations will be fully supported
(L3) for live migrating guests from one host to another, later when released:

  * VM from a SLES12 host to SLES12 SP1 host

  * VM from a SLES11 SP4 host to SLES 12 host

All guests as outlined in the Virtualization Guide , chapter Supported VM
Guests , are supported.

Backward migration is not supported:

  * VM from a SLE12 host to SLE11 SP3 host

  * VM from a SLE11 SP3 host to SP2/SP1 host

Xen Limits

Since SUSE Linux Enterprise Server 11 SP2, we removed the 32-bit hypervisor as
a virtualization host. 32-bit virtual guests are not affected and are fully
supported with the provided 64-bit hypervisor.

+-----------------------------------------------------------------------------+
| SLES 12 GA Virtual Machine  |                    Limits                     |
|            (VM)             |                                               |
|-----------------------------+-----------------------------------------------|
|Maximum VMs per host         |64                                             |
|-----------------------------+-----------------------------------------------|
|Maximum Virtual CPUs per VM  |64                                             |
|-----------------------------+-----------------------------------------------|
|Maximum Memory per VM        |16 GiB x86_32, 512 GiB x86_64                  |
|-----------------------------+-----------------------------------------------|
|Max Virtual Block Devices per|100 PV, 100 FV with PV drivers, 4 FV (Emulated |
|VM                           |IDE)                                           |
+-----------------------------------------------------------------------------+
+--------------------------------------------------------------------+
|SLES 12 GA Virtual Host Server (VHS)|            Limits             |
|------------------------------------+-------------------------------|
|Maximum Physical CPUs               |256                            |
|------------------------------------+-------------------------------|
|Maximum Virtual CPUs                |256                            |
|------------------------------------+-------------------------------|
|Maximum Physical Memory             |5 TiB                          |
|------------------------------------+-------------------------------|
|Maximum Dom0 Physical Memory        |500 GiB                        |
|------------------------------------+-------------------------------|
|Maximum Block Devices               |12,000 SCSI logical units      |
|------------------------------------+-------------------------------|
|Maximum iSCSI Devices               |128                            |
|------------------------------------+-------------------------------|
|Maximum Network Cards               |8                              |
|------------------------------------+-------------------------------|
|Maximum VMs per CPU Core            |8                              |
|------------------------------------+-------------------------------|
|Maximum VMs per VHS                 |64                             |
|------------------------------------+-------------------------------|
|Maximum Virtual Network Cards       |64 across all VMs in the system|
+--------------------------------------------------------------------+

In Xen 4.4, the hypervisor bundled with SUSE Linux Enterprise Server 12, Dom0
is able to see and handle a maximum of 512 logical CPUs. The hypervisor itself,
however, can access up to logical 256 logical CPUs and schedule those for the
VMs.

For more information about acronyms please refer to the official Virtualization
Documentation.

  * PV: Para Virtualization

  * FV: Full Virtualization

Migrate VMs from SLE11/xend to SLE12/libxl Using Live Migration

SLE 10 and SLE 11 use xend to manage guests. SLE 12 uses libxl to manage
guests. Live migration from xend to libxl is not implemented, nothing in a
libxl based tool stack is able to receive guests from xend. Furthermore, the
data format which describes guest configuration differs slightly between xend
and libxl.

The same applies to VMs managed by libvirtd because it uses either xend or
libxl to manage a VM.

At this point live migration from xend based hosts (SLE 10/SLE 11) to libxl
based hosts (SLE12) is not possible. Shutdown the guest on the SLE 11 host and
start it again on the SLE 12 host. For more information about this xend/xm to
xl/libxl , refer to the Official Virtualization Documentation .

File Systems

https://www.suse.com/products/server/technical-information/#FileSystem

SUSE Linux Enterprise was the first enterprise Linux distribution to support
journaling file systems and logical volume managers back in 2000. Later we
introduced xfs to Linux, which today is seen as the primary work horse for
large-scale file systems, systems with heavy load and multiple parallel read-
and write-operations. With SUSE Linux Enterprise 12 we are going the next step
of innovation and are using the Copy on Write file system btrfs as the default
for the operating system, to support system snapshots and rollback.

+-----------------------------------------------------------------------------+
|      Feature       |  Btrfs  |   XFS    | Ext4  |  Reiserfs   |  OCFS 2 **  |
|--------------------+---------+----------+-------+-------------+-------------|
|Data/Metadata       |N/A      |?/?       |       |?/?          |?/?          |
|Journaling          |         |          |       |             |             |
|--------------------+---------+----------+-------+-------------+-------------|
|Journal internal/   |N/A      |?/?       |?/?    |             |             |
|external            |         |          |       |             |             |
|--------------------+---------+----------+-------+-------------+-------------|
|Offline extend/     |?/?      |?/?       |?/?    |?/?          |             |
|shrink              |         |          |       |             |             |
|--------------------+---------+----------+-------+-------------+-------------|
|Online extend/shrink|?/?      |?/?       |?/?    |?/?          |?/?          |
|--------------------+---------+----------+-------+-------------+-------------|
|Inode-Allocation-Map|B-tree   |B+-tree   |table  |u. B*-tree   |table        |
|--------------------+---------+----------+-------+-------------+-------------|
|Sparse Files        |?        |          |       |             |             |
|--------------------+---------+----------+-------+-------------+-------------|
|Tail Packing        |?        |?         |?      |?            |             |
|--------------------+---------+----------+-------+-------------+-------------|
|Defrag              |?        |?         |       |             |             |
|--------------------+---------+----------+-------+-------------+-------------|
|ExtAttr / ACLs      |?/?      |          |       |             |             |
|--------------------+---------+----------+-------+-------------+-------------|
|Quotas              |?        |          |       |             |             |
|--------------------+---------+----------+-------+-------------+-------------|
|Dump/Restore        |?        |?         |?      |             |             |
|--------------------+--------------------------------------------------------|
|Blocksize default   |4KiB                                                    |
|--------------------+--------------------------------------------------------|
|max. Filesystemsize |16 EiB   |8 EiB     |1 EiB  |16 TiB       |4 PiB        |
|[1]                 |         |          |       |             |             |
|--------------------+---------+----------+-------+-------------+-------------|
|max. Filesize [1]   |16 EiB   |8 EiB     |1 EiB  |1 EiB        |4 PiB        |
|--------------------+---------+----------+-------+-------------+-------------|
|Support Status      |SLE      |SLE       |SLE    |SLE          |SLE HA       |
|--------------------+--------------------------------------------------------|
|                    |* Btrfs is copy-on-write file system. Rather than       |
|                    |journaling changes before writing them in-place, it     |
|                    |writes them to a new location, then links it in. Until  |
|                    |the last write, the new changes are not "committed". Due|
|                    |to the nature of the filesystem, quotas are implemented |
|                    |based on subvolumes ("qgroups"). The blocksize default  |
|                    |varies with different host architectures. 64KiB is used |
|                    |on ppc64le, 4KiB on most other systems. The actual size |
|                    |used can be checked with the command "getconf           |
|                    |PAGE_SIZE".                                             |
|--------------------+--------------------------------------------------------|
|                    |** OCFS2 is fully supported as part of the SUSE Linux   |
|                    |Enterprise High Availability Extension.                 |
|--------------------+--------------------------------------------------------|
|                    |*** Reiserfs is supported for existing filesystems, the |
|                    |creation of new reiserfs file systems is discouraged.   |
+-----------------------------------------------------------------------------+

The maximum file size above can be larger than the file system's actual size
due to usage of sparse blocks. Note that unless a file system comes with large
file support (LFS), the maximum file size on a 32-bit system is 2 GB (2^31
bytes). Currently all of our standard file systems (including ext3 and
ReiserFS) have LFS, which gives a maximum file size of 2^63 bytes in theory.
The numbers in the above tables assume that the file systems are using 4 KiB
block size. When using different block sizes, the results are different, but 4
KiB reflects the most common standard.

In this document: 1024 Bytes = 1 KiB; 1024 KiB = 1 MiB; 1024 MiB = 1 GiB; 1024
GiB = 1 TiB; 1024 TiB = 1 PiB; 1024 PiB = 1 EiB. See also http://
physics.nist.gov/cuu/Units/binary.html.

NFSv4 with IPv6 is only supported for the client side. A NFSv4 server with IPv6
is not supported.

This version of Samba delivers integration with Windows 7 Active Directory
Domains. In addition we provide the clustered version of Samba as part of SUSE
Linux Enterprise High Availability 11 SP3.

File System Layout

For general information about the file system layout, see the Administration
Guide, Chapter Snapper.

Additional Information

/run/media/<user_name> is now used as top directory for removable media mount
points. It replaces /media , which is not longer available.

Mounting /run as tmpfs

The directory /run, also sym-linked as /var/run, is mounted as tmpfs and thus
not persistent across reboots. Anything stored in this directory will be
removed when the machine is shut down.

Legal Notices

SUSE makes no representations or warranties with respect to the contents or use
of this documentation, and specifically disclaims any express or implied
warranties of merchantability or fitness for any particular purpose. Further,
SUSE reserves the right to revise this publication and to make changes to its
content, at any time, without the obligation to notify any person or entity of
such revisions or changes.

Further, SUSE makes no representations or warranties with respect to any
software, and specifically disclaims any express or implied warranties of
merchantability or fitness for any particular purpose. Further, SUSE reserves
the right to make changes to any and all parts of SUSE software, at any time,
without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be
subject to U.S. export controls and the trade laws of other countries. You
agree to comply with all export control regulations and to obtain any required
licenses or classifications to export, re-export, or import deliverables. You
agree not to export or re-export to entities on the current U.S. export
exclusion lists or to any embargoed or terrorist countries as specified in U.S.
export laws. You agree to not use deliverables for prohibited nuclear, missile,
or chemical/biological weaponry end uses. Please refer to http://www.suse.com/
company/legal/ for more information on exporting SUSE software. SUSE assumes no
responsibility for your failure to obtain any necessary export approvals.

Copyright ? 2010, 2011, 2012, 2013, 2014 SUSE LLC. This release notes document
is licensed under a Creative Commons Attribution-NoDerivs 3.0 United States
License (CC-BY-ND-3.0 US, http://creativecommons.org/licenses/by-nd/3.0/us/.

SUSE has intellectual property rights relating to technology embodied in the
product that is described in this document. In particular, and without
limitation, these intellectual property rights may include one or more of the
U.S. patents listed at http://www.suse.com/company/legal/ and one or more
additional patents or pending patent applications in the U.S. and other
countries.

For SUSE trademarks, see Novell Trademark and Service Mark list (http://
www.suse.com/company/legal/). All third-party trademarks are the property of
their respective owners.

Colophon

Thanks for using SUSE Linux Enterprise Server in your business.

The SUSE Linux Enterprise Server Team.

